SYS::ONLINE
Wasteland.
Briefs1238
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-9198 2026-07-17

CVE-2026-9198: Unauthenticated RCE in IBM Langflow OSS via Auth-Bypass and Code-Execution Chain

"A critical (CVSS 9.8) flaw lets unauthenticated attackers chain two IBM Langflow OSS endpoints to gain full remote code execution on default deployments."

A critical (CVSS 9.8) flaw lets unauthenticated attackers chain two IBM Langflow OSS endpoints to gain full remote code execution on default deployments.

What Is It

CVE-2026-9198 is a critical remote code execution vulnerability in IBM Langflow OSS, tracked under CWE-94 (Improper Control of Generation of Code). According to the NVD record, the flaw allows unauthenticated attackers to chain /api/v1/auto_login, which mints SUPERUSER tokens to any network caller; with /api/v1/validate/code, which executes user-supplied code via exec(). Combined, these endpoints let a remote, unauthenticated attacker achieve full RCE on default Langflow deployments.

Why It Matters

The vulnerability carries a CVSS 3.1 base score of 9.8 (CRITICAL), with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It requires no authentication, no user interaction, and low attack complexity, while delivering high confidentiality, integrity, and availability impact. CISA's SSVC assessment marks the flaw as "automatable: yes" with "technicalImpact: total," indicating attacks can be reliably scripted at scale for complete system compromise. The chain works against default configurations, meaning out-of-the-box deployments are exposed without any misconfiguration on the operator's part.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected, per the vendor ([email protected]) advisory data. The affected CPEs cover ibm:langflow_oss across this version range.

Patch Status

As of the NVD record (published and last modified 2026-07-17), the CVE is in "Undergoing Analysis" status. IBM has issued a security advisory referenced below. The SSVC data lists exploitation status as "none," and this CVE is not indicated as present in the CISA KEV catalog in the supplied source material, so active exploitation is not currently confirmed. Operators should consult the IBM advisory for remediation guidance and upgrade beyond the affected 1.0.0–1.10.0 range.

Sources