{"data":{"id":"e3dddfc4-6bf2-43c8-a825-dcbb90a25fa7","title":"CVE-2026-6543: IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges o","summary":"IBM Langflow Desktop versions 1.0.0 through 1.8.4 contains a code injection vulnerability (CWE-94, a flaw where attackers can insert and execute their own code) that allows attackers to run arbitrary commands (any commands an attacker chooses) with the same permissions as the Langflow application. This could let attackers steal sensitive information like API keys and database passwords, modify files, or attack other systems on the network.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6543","publishedAt":"2026-04-30T22:16:26.467Z","cveId":"CVE-2026-6543","cweIds":["CWE-94"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-30T22:16:26.467Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}