{"data":{"id":"8b02218a-783b-4d02-81b3-c96b19310ca8","title":"CVE-2026-7803: IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with","summary":"IBM Langflow OSS (an open-source tool for building AI workflows) versions 1.0.0 through 1.10.0 has a security flaw where it doesn't properly check the data in flow nodes (building blocks of a workflow) when their component type fields are missing or empty, which could allow an attacker to run arbitrary code (any commands they want) on the system. The vulnerability is caused by improper input validation (failing to check whether incoming data is safe and correct before using it).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7803","publishedAt":"2026-06-30T20:17:31.413Z","cveId":"CVE-2026-7803","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:31.413Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}