Arbitrary OS Command Execution Vulnerability in IBM Langflow OSS
CVE-2026-7873

9.9CRITICAL

Key Information:

Vendor: IBM
Status: Langflow Oss
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-7873?

IBM Langflow OSS versions 1.0.0 through 1.10.0 are susceptible to a vulnerability that allows authenticated attackers to execute arbitrary operating system commands. This weakness not only grants access to restricted functionalities but also enables attackers to read sensitive files, including credentials. Such capabilities significantly elevate the risk of complete system compromise and facilitate lateral movement within the network, making it critical for organizations to address this issue promptly.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.10.0

References

https://www.ibm.com/support/pages/node/7278441

vendor-advisorypatch

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-7873 Data

JSON