CVE-2026-10561

EPSS 0.53%
Veröffentlicht 22.06.2026 13:22:07
Zuletzt bearbeitet 26.06.2026 20:19:05
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Langflow ≫ Langflow Version >= 1.0.0 <= 1.9.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.ibm.com/support/pages/node/7277242

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-10561

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10561

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10561

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10561