IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a critical flaw (CVSS 9.9) that lets an authenticated user escalate to superuser, run arbitrary system commands, and fully compromise the host.
What Is It
CVE-2026-8635 is a critical vulnerability in IBM Langflow OSS. According to IBM's advisory, authenticated users can escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions. The issue is classified as CWE-94 (code injection) and carries a CVSS 3.1 base score of 9.9 (CRITICAL), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Why It Matters
The scoring tells the story: network-reachable, low attack complexity, no user interaction, and only low privileges required to start. The scope is "changed," meaning the impact crosses beyond the vulnerable component; consistent with the described outcome of full host compromise under the Langflow service account. Confidentiality, integrity, and availability impacts are all rated HIGH. Because only a low-privileged authenticated account is needed, any user who can reach an affected instance is a potential path to complete takeover.
Note: the supplied CISA KEV data is empty, so there is no confirmation of active exploitation in the source material.
What's Vulnerable
- Product: IBM Langflow OSS
- Affected versions: 1.0.0 through 1.10.0 (semver range, inclusive)
- Weakness: CWE-94 (code injection)
Instances running any release in the 1.0.0–1.10.0 band should be treated as affected.
Patch Status
The supplied source material does not include specific patch or fixed-version details or a stated required action. IBM has published a support advisory (referenced below) for this CVE; administrators should consult it directly for remediation guidance and any available fixed release.
Sources
- IBM Support advisory; https://www.ibm.com/support/pages/node/7278925
- NVD entry for CVE-2026-8635; https://nvd.nist.gov/vuln/detail/CVE-2026-8635