
CVE-2026-10561: Critical Unauthenticated RCE in IBM Langflow OSS

"A maximum-severity flaw in IBM Langflow OSS lets an unauthenticated attacker run arbitrary code on the host, leading to complete system compromise."

What Is It

CVE-2026-10561 is a critical (CVSS 10.0) vulnerability in IBM Langflow OSS. According to IBM PSIRT, the flaw stems from improper isolation of Python execution combined with an authentication bypass. Chained together, these allow an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise. The weakness is classified as CWE-94 (Code Injection).

Why It Matters

The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) describes the worst realistic case: the attack is reachable over the network, low in complexity, and needs neither privileges nor user interaction, and the Scope metric is Changed, meaning a successful exploit affects resources beyond the vulnerable Langflow component itself. Because authentication can be bypassed and Python execution is not properly isolated, network access to the service is all an attacker needs to execute code. With High impact on confidentiality, integrity, and availability, a successful exploit means full takeover of the affected host.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.9.3 are affected, per the IBM PSIRT advisory and the NVD record. The vulnerability was published on 2026-06-22, and NVD currently lists it as "Undergoing Analysis." The source material includes no CISA KEV entry, so active exploitation is not confirmed.

Patch Status

IBM has published a support advisory addressing this vulnerability (IBM support node 7277242). Organizations running IBM Langflow OSS in the affected 1.0.0–1.9.3 range should consult the IBM advisory and apply the vendor's guidance. Given the maximum severity and the unauthenticated, network-based nature of the flaw, remediation should be treated as urgent; until the fix is applied, restricting network reachability of the Langflow service removes the only precondition the vector requires.

Sources