CVE Catalog

CVE-2026-7871

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing users with Redis access to execute arbitrary code with full application privileges. This compromises all secrets, data, and system integrity.

Risk Assessment

The risk for the organization includes complete compromise of sensitive data, keys, and secrets stored in the application, as well as potential full system takeover by an attacker.

Recommendation

Immediately upgrade IBM Langflow OSS to version 1.10.1 or later and restrict Redis access to trusted users and networks only.

Original NVD description (English source)

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS