CVE-2026-7871
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing users with Redis access to execute arbitrary code with full application privileges. This compromises all secrets, data, and system integrity.
Risk Assessment
The risk for the organization includes complete compromise of sensitive data, keys, and secrets stored in the application, as well as potential full system takeover by an attacker.
Recommendation
Immediately upgrade IBM Langflow OSS to version 1.10.1 or later and restrict Redis access to trusted users and networks only.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

