CVE Catalog

CVE-2026-7873

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials. This leads to complete system compromise and enables lateral movement.

Risk Assessment

The risk for the organization includes full system compromise, theft of sensitive data, and the potential for lateral movement to other network resources.

Recommendation

Immediately upgrade IBM Langflow OSS to a version later than 1.10.0 and restrict system access to trusted users only.

Original NVD description (English source)

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS