CVE-2026-7803
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing remote arbitrary code execution. The issue stems from improper validation of flow nodes with missing or empty component type fields.
Risk Assessment
An attacker can exploit this vulnerability to execute arbitrary code on the server, potentially leading to full system compromise, data theft, or service disruption.
Recommendation
Immediately upgrade IBM Langflow OSS to version 1.10.1 or later, which includes a fix for this vulnerability. Additionally, restrict access to the flow management interface to trusted users only.
Original NVD description (English source)
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

