CVE-2026-7803: IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with
Summary
IBM Langflow OSS (an open-source tool for building AI workflows) versions 1.0.0 through 1.10.0 has a security flaw where it doesn't properly check the data in flow nodes (building blocks of a workflow) when their component type fields are missing or empty, which could allow an attacker to run arbitrary code (any commands they want) on the system. The vulnerability is caused by improper input validation (failing to check whether incoming data is safe and correct before using it).
Vulnerability Details
9.8(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
network
low
none
none
June 30, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7803
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%