CVE-2026-10561 PUBLISHED

Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

Assigner: ibm
Reserved: 01.06.2026 Published: 22.06.2026 Updated: 22.06.2026

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Langflow OSS
Versions	affected from 1.0.0 to 1.9.3 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.9.4 https://pypi.org/project/langflow/

References

https://www.ibm.com/support/pages/node/7277242

Problem Types

CWE-94 Improper Control of Generation of Code ('Code Injection') CWE