CVE-2026-3357

HIGH CVSS 8.8 View on NVD ↗

Description

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://www.ibm.com/support/pages/node/7268428

Published: Apr 08, 2026 01:16 UTC Modified: Apr 08, 2026 21:26 UTC