CVE-2026-10134
IBM · Langflow OSS
IBM Langflow OSS contains a critical vulnerability allowing unauthenticated attackers to read secrets, modify database content, access internal services, and achieve persistent code execution.
Executive summary
A critical vulnerability in IBM Langflow OSS allows unauthenticated attackers to achieve full system compromise, data exfiltration, and persistent arbitrary code execution.
Vulnerability
This is a comprehensive security failure allowing for unauthorized secret access, database modification, and lateral movement. An unauthenticated attacker can exploit this to establish persistence by injecting malicious code into public flows, which then executes under the context of subsequent user requests.
Business impact
With a CVSS score of 10.0, this vulnerability represents the highest level of risk, enabling complete control over the Langflow instance and its associated data. The ability to pivot to internal services and abuse cloud metadata endpoints poses a catastrophic threat to cloud-native environments and organizational intellectual property.
Remediation
Immediate Action: Upgrade to the latest version of IBM Langflow OSS to remediate the underlying logic flaws.
Proactive Monitoring: Audit database logs for unauthorized modifications to tool_code or unexpected API requests to /api/v1/build/.
Compensating Controls: Restrict network access to the Langflow instance via IP allowlisting and ensure the service runs with the least-privilege identity necessary to prevent cloud metadata abuse.
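The monitoring guidance above can be turned into a simple triage script. This is an added example, not IBM or Langflow code; the access-log format (with an `auth=` field) and the flow-change audit records it reads are constructed assumptions, so adapt the parsing to the logs your deployment actually produces.

```python
# Added detection example for the CVE-2026-10134 monitoring guidance.
# Not IBM/Langflow code; the access-log and audit-record formats below
# are constructed assumptions, not real Langflow log formats.
import re

# Constructed access-log lines: ts src method path auth=<kind> status.
ACCESS_LOG = """\
2026-03-01T10:00:01Z 10.0.0.5 POST /api/v1/build/flow-123 auth=bearer 200
2026-03-01T10:00:07Z 198.51.100.23 POST /api/v1/build/flow-123 auth=none 200
2026-03-01T10:01:15Z 10.0.0.5 GET /api/v1/flows auth=bearer 200
2026-03-01T10:02:40Z 203.0.113.9 POST /api/v1/build/flow-777 auth=none 500
"""

# Constructed flow-change audit records: (ts, actor, flow_id, column).
FLOW_CHANGES = [
    ("2026-03-01T09:55:00Z", "alice", "flow-123", "name"),
    ("2026-03-01T10:00:05Z", "anonymous", "flow-123", "tool_code"),
    ("2026-03-01T10:02:30Z", "bob", "flow-777", "tool_code"),
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) auth=(\S+) (\d{3})$")

def unauthenticated_build_requests(log_text):
    """Return /api/v1/build/ requests that carried no credentials."""
    # Building a flow should come from a logged-in session, so an
    # anonymous hit on this endpoint matches the advisory's precondition.
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines rather than abort the scan
        ts, src, method, path, auth, status = m.groups()
        if path.startswith("/api/v1/build/") and auth == "none":
            hits.append({"ts": ts, "src": src, "path": path, "status": int(status)})
    return hits

def suspicious_tool_code_changes(changes, trusted_actors):
    """Flag tool_code edits by anyone outside the approved editor set."""
    # Persistence in this CVE is an injected tool_code change that later
    # runs in other users' requests, so each such edit needs review.
    return [c for c in changes if c[3] == "tool_code" and c[1] not in trusted_actors]

if __name__ == "__main__":
    for hit in unauthenticated_build_requests(ACCESS_LOG):
        print("unauthenticated build request:", hit)
    for change in suspicious_tool_code_changes(FLOW_CHANGES, {"alice", "bob"}):
        print("review tool_code change:", change)
```

Correlating the timestamps of the two result sets (an anonymous build request seconds after an anonymous tool_code edit) is the pattern the forensic review should look for.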
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this vulnerability cannot be overstated; the potential for persistence and lateral movement makes it a top-tier priority. Security teams must ensure all instances are updated immediately and conduct a thorough forensic review of existing flows for indicators of compromise.