CVE-2026-10561
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.9.3 contain a vulnerability due to improper isolation of Python execution combined with an authentication bypass. An unauthenticated attacker can execute arbitrary code on the host system, leading to full compromise.
Risk Assessment
The risk for the organization is critical – an unauthenticated attacker can fully compromise the server running Langflow, gaining access to data, systems, and potentially spreading the attack within the internal network.
Recommendation
Immediately upgrade IBM Langflow OSS to version 1.9.4 or later. If upgrading is not possible, restrict access to the application to trusted networks only and implement additional authentication mechanisms at the proxy level.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise

