SYS::ONLINE
Wasteland.
Briefs1238
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-8476 2026-07-17

CVE-2026-8476: Critical Unsafe Deserialization RCE in IBM Langflow OSS

"A critical (CVSS 9.9) remote code execution flaw in IBM Langflow OSS lets attackers who can influence disk-cached data run arbitrary code and fully compromise the host."

Here is the article.

CVE-2026-8476: Critical Unsafe Deserialization RCE in IBM Langflow OSS

A critical (CVSS 9.9) remote code execution flaw in IBM Langflow OSS lets attackers who can influence disk-cached data run arbitrary code and fully compromise the host.

What Is It

CVE-2026-8476 is a remote code execution vulnerability in the disk-based caching mechanism of IBM Langflow OSS. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk without validation, integrity verification, or authentication. When a malicious pickle payload is processed, it enables arbitrary code execution. The issue is classified as CWE-502 (Deserialization of Untrusted Data) and carries a CVSS 3.1 base score of 9.9 (CRITICAL), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Why It Matters

The scope is "Changed" and all three impact metrics, confidentiality, integrity, and availability, are rated High, meaning successful exploitation results in complete system compromise with the privileges of the Langflow server process. The attack is network-reachable with low complexity and requires only low privileges and no user interaction. Attackers can influence cached data through several avenues: file system access, malicious workflow inputs, custom components, or API manipulation.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected. The vulnerable code is the AsyncDiskCache class within the product's disk-based caching subsystem.

Patch Status

IBM has published a security advisory for this vulnerability (support document node 7278922). Refer to IBM's advisory for the applicable fix and remediation guidance. This CVE does not appear in the CISA KEV catalog based on the supplied data, so there is no confirmed active exploitation or federal required-action deadline at this time.

Sources