CVE-2026-9198
IBM · Langflow OSS
A critical code injection vulnerability in IBM Langflow OSS allows unauthenticated attackers to gain superuser privileges and execute arbitrary code on the host system.
Executive summary
IBM Langflow OSS is vulnerable to an unauthenticated code injection attack that allows attackers to escalate privileges to superuser and execute arbitrary commands.
Vulnerability
This vulnerability involves chaining two separate flaws: the auto_login endpoint which incorrectly grants superuser tokens, and the validate/code endpoint which executes user-supplied code. An unauthenticated attacker can exploit this sequence to achieve full remote code execution.
Business impact
The CVSS score of 9.8 reflects the extreme severity of this vulnerability. Successful exploitation grants an attacker complete control over the Langflow deployment, enabling them to steal sensitive data, modify system configurations, or deploy further malicious payloads, leading to total compromise of the affected infrastructure.
Remediation
Immediate Action: Patch the installation by upgrading IBM Langflow OSS to version 1.10.1 immediately.
Proactive Monitoring: Review authentication logs for suspicious use of the auto_login endpoint and monitor process execution logs for anomalous code execution activity.
Compensating Controls: Restrict network access to the Langflow management API to trusted internal IP addresses only to prevent external exploitation.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is a critical threat to any Langflow OSS environment. It is imperative that organizations deploy version 1.10.1 immediately to close the authentication and code execution loopholes that enable this chain of attack.