Privilege Escalation Vulnerability in IBM Langflow OSS
CVE-2026-8635

9.9CRITICAL

Key Information:

Vendor

IBM

Vendor
CVE Published:
17 July 2026

What is CVE-2026-8635?

A vulnerability in IBM Langflow OSS versions 1.0.0 through 1.10.0 permits authenticated users to escalate their privileges to superuser. This flaw allows for direct manipulation of the database and the execution of arbitrary system commands, potentially leading to full system compromises while operating under Langflow service permissions. This presents a serious risk to the integrity and security of systems that rely on this software. Users are urged to review advisories provided by IBM to mitigate risks associated with this vulnerability.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.10.0

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

XlabAI (XlabAITeam) xlabai@tencent.com
.