CVE Catalog

CVE-2026-7803

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing remote arbitrary code execution. The issue stems from improper validation of flow nodes with missing or empty component type fields.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary code on the server, potentially leading to full system compromise, data theft, or service disruption.

Recommendation

Immediately upgrade IBM Langflow OSS to version 1.10.1 or later, which includes a fix for this vulnerability. Additionally, restrict access to the flow management interface to trusted users only.

Original NVD description (English source)

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS