CVE-2026-10134

IBM · Langflow OSS

IBM Langflow OSS contains a critical vulnerability allowing unauthenticated attackers to read secrets, modify database content, access internal services, and achieve persistent code execution.

Executive summary

A critical vulnerability in IBM Langflow OSS allows unauthenticated attackers to achieve full system compromise, data exfiltration, and persistent arbitrary code execution.

Vulnerability

This is a comprehensive security failure allowing for unauthorized secret access, database modification, and lateral movement. An unauthenticated attacker can exploit this to establish persistence by injecting malicious code into public flows, which then executes under the context of subsequent user requests.

Business impact

With a CVSS score of 10.0, this vulnerability represents the highest level of risk, enabling complete control over the Langflow instance and its associated data. The ability to pivot to internal services and abuse cloud metadata endpoints poses a catastrophic threat to cloud-native environments and organizational intellectual property.

Remediation

Immediate Action: Upgrade to the latest version of IBM Langflow OSS to remediate the underlying logic flaws.

Proactive Monitoring: Audit database logs for unauthorized modifications to tool_code or unexpected API requests to /api/v1/build/.

Compensating Controls: Restrict network access to the Langflow instance via IP allowlisting and ensure the service runs with the least-privilege identity necessary to prevent cloud metadata abuse.
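One way to operationalise the monitoring and allowlisting steps together, as an added example that is not part of this advisory: a Python check that scans web-server access logs for requests to the /api/v1/build/ path named above and flags any that originate outside the IP allowlist. The combined log format, the sample log lines and the flow identifier in them are constructed assumptions; only the path prefix comes from the advisory.

```python
import ipaddress
import re
from typing import Iterable, List, Optional

# Path prefix named in the advisory's monitoring guidance.
WATCHED_PREFIX = "/api/v1/build/"

# Combined log format (assumed); only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str) -> Optional[dict]:
    """Return the captured fields of one access-log line, or None if unparseable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_unexpected_build_requests(lines: Iterable[str], allowed_networks: List[str]) -> List[dict]:
    """Flag /api/v1/build/ requests whose source address is not in the allowlist.

    Sources that cannot be parsed as an IP address are flagged too, since they
    cannot be matched against the allowlist.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(WATCHED_PREFIX):
            continue
        try:
            src = ipaddress.ip_address(rec["ip"])
            if any(src in net for net in nets):
                continue  # expected source, no finding
        except ValueError:
            pass  # unparseable source: fall through and flag it
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
                         "path": rec["path"], "status": rec["status"]})
    return findings


# Constructed sample log: one build request from the allowlisted range, one from outside it.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "POST /api/v1/build/example-flow-id/flow HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Mar/2026:10:00:02 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [01/Mar/2026:10:00:03 +0000] "POST /api/v1/build/example-flow-id/flow HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.77 - - [01/Mar/2026:10:00:04 +0000] "GET /health HTTP/1.1" 200 15 "-" "python-requests/2.31"',
]
ALLOWED_NETWORKS = ["10.0.0.0/8"]  # constructed allowlist for the sample

if __name__ == "__main__":
    for f in flag_unexpected_build_requests(SAMPLE_LOG, ALLOWED_NETWORKS):
        print(f"unexpected build request from {f['ip']} at {f['ts']}: {f['method']} {f['path']} -> {f['status']}")
```

Feed the function real access logs and your own allowlist; each finding is a starting point for the forensic review of the referenced flow.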

Exploitation status

Public Exploit Available: No

Analyst recommendation

The severity of this vulnerability cannot be overstated; the potential for persistence and lateral movement makes it a top-tier priority. Security teams must ensure all instances are updated immediately and conduct a thorough forensic review of existing flows for indicators of compromise.