Remote Code Execution Vulnerability in IBM Langflow OSS - Improper Isolation Flaw
CVE-2026-10561

10CRITICAL

Key Information:

Vendor: IBM
Status: Langflow Oss
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-10561?

An improper isolation vulnerability in IBM Langflow OSS affects versions 1.0.0 through 1.9.3, allowing unauthenticated attackers to execute arbitrary code on compromised systems. This flaw arises from a failure to adequately isolate Python execution environments, resulting in significant security risks for users and systems relying on this product.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.9.3

References

https://www.ibm.com/support/pages/node/7277242

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 1, 2026

CVE-2026-10561 Data

JSON