CVE-2026-9198 in Langflow OSSИнформация

Сводка

по VulDB • 17.07.2026

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow deployments

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

Ibm

Резервировать

21.05.2026

Раскрытие

17.07.2026

Модерация

принято

Вход

VDB-379892

EPSS

0.00000

KEV

Нет

Деятельности

Низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!