CVE-2026-6543: IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges o
Summary
IBM Langflow Desktop versions 1.0.0 through 1.8.4 contains a code injection vulnerability (CWE-94, a flaw where attackers can insert and execute their own code) that allows attackers to run arbitrary commands (any commands an attacker chooses) with the same permissions as the Langflow application. This could let attackers steal sensitive information like API keys and database passwords, modify files, or attack other systems on the network.
Vulnerability Details
8.8(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
network
low
low
none
April 30, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6543
First tracked: May 1, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 92%