Arbitrary Code Execution Vulnerability in IBM Langflow Desktop
CVE-2026-3357

8.8 HIGH

Key Information:

Vendor: IBM
CVE Published: 8 April 2026

What is CVE-2026-3357?

IBM Langflow Desktop versions 1.6.0 to 1.8.2 are susceptible to an arbitrary code execution vulnerability due to insecure default settings that allow the deserialization of untrusted data in the FAISS component. This security risk can be exploited by authenticated users, potentially compromising the integrity and security of the system by executing unintended commands or malicious code.

Affected Version(s)

Langflow Desktop 1.6.0 <= 1.8.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability was reported to IBM by Weblover.