Here is the article.
CVE-2026-8476: Critical Unsafe Deserialization RCE in IBM Langflow OSS
A critical (CVSS 9.9) remote code execution flaw in IBM Langflow OSS lets attackers who can influence disk-cached data run arbitrary code and fully compromise the host.
What Is It
CVE-2026-8476 is a remote code execution vulnerability in the disk-based caching mechanism of IBM Langflow OSS. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk without validation, integrity verification, or authentication. When a malicious pickle payload is processed, it enables arbitrary code execution. The issue is classified as CWE-502 (Deserialization of Untrusted Data) and carries a CVSS 3.1 base score of 9.9 (CRITICAL), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Why It Matters
The scope is "Changed" and all three impact metrics, confidentiality, integrity, and availability, are rated High, meaning successful exploitation results in complete system compromise with the privileges of the Langflow server process. The attack is network-reachable with low complexity and requires only low privileges and no user interaction. Attackers can influence cached data through several avenues: file system access, malicious workflow inputs, custom components, or API manipulation.
What's Vulnerable
IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected. The vulnerable code is the AsyncDiskCache class within the product's disk-based caching subsystem.
Patch Status
IBM has published a security advisory for this vulnerability (support document node 7278922). Refer to IBM's advisory for the applicable fix and remediation guidance. This CVE does not appear in the CISA KEV catalog based on the supplied data, so there is no confirmed active exploitation or federal required-action deadline at this time.
Sources
- IBM Security Advisory; https://www.ibm.com/support/pages/node/7278922
- NVD, CVE-2026-8476, https://nvd.nist.gov/vuln/detail/CVE-2026-8476