IBM Langflow OSS versions 1.0.0 through 1.9.1 contain a critical (CVSS 9.8) remote code execution vulnerability caused by improper validation of symbolic links during archive extraction.
What Is It
CVE-2026-7524 is a path traversal weakness (CWE-22) in IBM Langflow OSS. According to IBM PSIRT, the product fails to properly validate symbolic links when extracting archives, which could allow remote code execution. The flaw is reachable over the network with no authentication and no user interaction required.
Why It Matters
The CVSS 3.1 base score is 9.8 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. That combination describes an unauthenticated, fully remote code-execution condition.
Langflow OSS is commonly deployed as a hosted service for building LLM workflows, which means vulnerable instances are often exposed to internal or external networks and run with access to model credentials, connected data sources, and downstream integrations. A successful exploit gives an attacker code execution in that context.
The vulnerability is currently marked "Undergoing Analysis" in NVD. The supplied source material does not include a CISA KEV entry for CVE-2026-7524, so active exploitation has not been confirmed by KEV at this time.
What's Vulnerable
- Product: IBM Langflow OSS
- Affected versions: 1.0.0 through 1.9.1
- Weakness: CWE-22, Improper Limitation of a Pathname to a Restricted Directory (path traversal), here via symbolic links during archive extraction
- Attack prerequisites: Network reachability to the Langflow instance; no credentials or user interaction needed
Affected CPEs were not enumerated in the NVD record at time of publication.
Patch Status
IBM has published an advisory at the reference URL below. Operators of IBM Langflow OSS in the affected 1.0.0–1.9.1 range should consult that advisory for the fixed version and apply the vendor-supplied remediation. Until patched, restrict network exposure of Langflow instances and avoid processing untrusted archive uploads.
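As an added illustration of the check whose absence CWE-22 describes here (example code, not IBM's or Langflow's own), the Python validator below refuses symbolic and hard links and traversal names in a tar archive before any member is written, and then confirms each resolved target still lies under the extraction root. The sample archive, its member names and the flow payload are constructed for the demonstration.

```python
from __future__ import annotations
import io
import os
import tarfile
import tempfile

def build_sample_archive() -> bytes:
    # Constructed sample, not from the advisory: a legitimate file, a name that
    # climbs out of the extraction root, and a symlink that points outside it.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b'{"name": "demo flow"}'
        ok = tarfile.TarInfo("flows/demo.json")
        ok.size = len(payload)
        tar.addfile(ok, io.BytesIO(payload))
        tar.addfile(tarfile.TarInfo("../outside.txt"), io.BytesIO(b""))
        link = tarfile.TarInfo("flows/config")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
    return buf.getvalue()

def member_problem(info: tarfile.TarInfo) -> str | None:
    # Links are refused outright: a link escaping the root, followed by a later
    # member written through it, lands outside the root despite relative names.
    if info.issym() or info.islnk():
        return "link member"
    norm = os.path.normpath(info.name)
    if os.path.isabs(norm) or norm == ".." or norm.startswith("../"):
        return "path traversal"
    return None  # acceptable member

def safe_extract(data: bytes, dest: str) -> tuple[list[str], dict[str, str]]:
    root, written, rejected = os.path.realpath(dest), [], {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for info in tar.getmembers():
            # Second line of defence: the resolved target must stay under root.
            target = os.path.realpath(os.path.join(root, info.name))
            inside = os.path.commonpath([root, target]) == root
            why = member_problem(info) or (None if inside else "outside root")
            if why:
                rejected[info.name] = why
                continue
            tar.extract(info, root)
            written.append(info.name)
    return written, rejected  # (names written, rejected name -> reason)

def demo() -> tuple[list[str], dict[str, str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_archive(), tmp)
```

Only the regular file is written; the traversal name and the symlink are reported with their reasons and never touch the filesystem.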
Sources
- NVD, CVE-2026-7524: https://nvd.nist.gov/vuln/detail/CVE-2026-7524
- IBM Support advisory: https://www.ibm.com/support/pages/node/7273426