CVE-2026-6543

HIGH CVSS 8.8 View on NVD ↗

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://www.ibm.com/support/pages/node/7271092

Published: Apr 30, 2026 22:16 UTC Modified: May 01, 2026 15:27 UTC