SYS::ONLINE
Wasteland.
Briefs1238
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-8481 2026-07-17

IBM Langflow OSS Code-Execution Flaw (CVE-2026-8481) Enables Authenticated RCE

"A critical remote code execution vulnerability in IBM Langflow OSS lets any authenticated user run arbitrary commands with the full privileges of the Langflow server process."

A critical remote code execution vulnerability in IBM Langflow OSS lets any authenticated user run arbitrary commands with the full privileges of the Langflow server process.

What Is It

CVE-2026-8481 is a critical (CVSS 3.1 base score 9.9) code injection flaw in IBM Langflow OSS, categorized as CWE-94. The vulnerability lives in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec() function without sandboxing, input validation, or privilege restrictions. As a result, any authenticated user can execute arbitrary system commands with the full privileges of the Langflow server process.

Why It Matters

The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) reflects a network-reachable, low-complexity attack that requires only low-privilege authentication and no user interaction. The scope is marked as Changed, and the confidentiality, integrity, and availability impacts are all High; meaning a successful attack can compromise the underlying host beyond the vulnerable component. CISA's SSVC assessment records technical impact as total. Per the supplied data, exploitation is currently rated "none" and the flaw is not listed in the CISA KEV catalog, so there is no confirmed active exploitation at this time.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected (inclusive, per semver). The weakness is exploitable by authenticated users who can reach the /api/v1/validate/code endpoint.

Patch Status

IBM has published a security advisory for this vulnerability. Administrators should consult the IBM support page (referenced below) for remediation guidance and upgrade information. Given the network reach and total technical impact, restricting access to the validation endpoint and upgrading affected Langflow OSS deployments should be prioritized.

Sources