{"data":{"id":"2dceda99-c7d4-4dfd-bf9f-973f6921fc2e","title":"CVE-2026-3357: IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the sys","summary":"IBM Langflow Desktop versions 1.6.0 through 1.8.2 contain a vulnerability that allows an authenticated user (someone who has already logged in) to run arbitrary code on the system. The flaw stems from an insecure default setting that allows deserialization of untrusted data (rebuilding objects from serialized data supplied by an external source without checking that it is safe to load, which can execute code embedded in that data) in the FAISS component (a component used for similarity searching).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-3357","publishedAt":"2026-04-08T01:16:41.057Z","cveId":"CVE-2026-3357","cweIds":["CWE-502"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow","Langflow Desktop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-08T01:16:41.057Z","capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}