IBM Langflow OSS Hit by Critical CVE-2026-10134: Full Compromise via Code Injection

A critical (CVSS 10.0) code-injection flaw in IBM Langflow OSS lets an unauthenticated attacker read every secret, tamper with all data, and re-execute their code on each build.

What Is It

CVE-2026-10134 is a critical code-injection vulnerability (CWE-94) in IBM Langflow OSS. It carries a CVSS 3.1 base score of 10.0 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H: network-reachable, low attack complexity, no privileges and no user interaction required, changed scope, and high confidentiality, integrity, and availability impact. According to the NVD record, an attacker can read every secret available to the Langflow process and can read and modify every flow, conversation, message, file upload, and saved component in the Langflow database.

Why It Matters

Beyond data theft and tampering, the flaw enables broad post-exploitation. Per the NVD description, an attacker can connect to internal services, abuse cloud metadata endpoints, and move laterally to other tenants on the same Langflow instance. Most notably, they can establish persistence by modifying the public flow's tool_code, so that normal /api/v1/build/... calls by any user re-execute the attacker's code on each build. The maximum 10.0 score and the absence of any authentication requirement make the flaw trivially exploitable once the instance is reachable.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.9.3 are affected (semver range 1.0.0 ≤ version ≤ 1.9.3). Affected CPEs include cpe:2.3:a:ibm:langflow_oss:1.0.0 and cpe:2.3:a:ibm:langflow_oss:1.9.3.

Patch Status

The NVD record lists IBM PSIRT as its source, and IBM has published a support advisory (node 7277559) as the sole reference. Administrators should consult that advisory for remediation guidance and upgrade beyond the affected 1.0.0–1.9.3 range. Note: this CVE was published 2026-06-30 with NVD status "Received," and no CISA KEV entry was supplied, so active exploitation is not confirmed in the source material.

Sources