{"data":{"id":"64d66dc7-339a-441d-b23a-a78c304b7040","title":"CVE-2026-7873: IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive","summary":"IBM Langflow OSS (an open-source AI framework) versions 1.0.0 through 1.10.0 has a vulnerability that lets authenticated users (those with login access) run arbitrary OS commands (any instructions on the computer's operating system) and access sensitive files like credentials, potentially compromising the entire system and allowing attackers to move to other connected systems. This is classified as a code injection flaw (CVE-2026-7873), where attackers can trick the application into executing malicious code.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7873","publishedAt":"2026-06-30T20:17:31.750Z","cveId":"CVE-2026-7873","cweIds":["CWE-94"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow OSS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:31.750Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}