Remote Code Execution Vulnerability in IBM Langflow Desktop
CVE-2026-6543

8.8HIGH

Key Information:

Vendor: IBM
Status: Langflow Desktop
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-6543?

IBM Langflow Desktop versions 1.0.0 through 1.8.4 contain a security vulnerability that allows attackers to execute arbitrary commands with the privileges of the Langflow process. This exploit could lead to the reading of sensitive environment variables, such as API keys and database credentials, enabling attackers to modify files or initiate further attacks on the internal network.

Affected Version(s)

Langflow Desktop 1.0.0 <= 1.8.4

References

https://www.ibm.com/support/pages/node/7271092

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 17, 2026

Credit

Eran Shimony (Palo Alto Networks)

CVE-2026-6543 Data

JSON