CVE-2026-7873
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials. This leads to complete system compromise and enables lateral movement.
Risk Assessment
The risk for the organization includes full system compromise, theft of sensitive data, and the potential for lateral movement to other network resources.
Recommendation
Immediately upgrade IBM Langflow OSS to a version later than 1.10.0 and restrict system access to trusted users only.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

