CVE-2026-7871: IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application pri
Summary
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.10.0 have a security flaw where users who can access Redis (a data storage system) can execute arbitrary code (run commands they shouldn't be able to run) with full control over the application, potentially exposing all stored secrets, data, and system integrity.
Vulnerability Details
9.8(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
network
low
none
none
June 30, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7871
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%