Arbitrary Code Execution Vulnerability in IBM Langflow Desktop
CVE-2026-3357
8.8 HIGH
What is CVE-2026-3357?
IBM Langflow Desktop versions 1.6.0 to 1.8.2 are vulnerable to arbitrary code execution because insecure default settings allow the FAISS component to deserialize untrusted data. An authenticated user can exploit this to execute unintended commands or malicious code, potentially compromising the integrity and security of the system.
Affected Version(s)
Langflow Desktop >= 1.6.0, <= 1.8.2