SecBoard
Zurück zur CVE-Übersicht

CVE-2026-8481

CRITICAL(9.9)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Risk Signal Score35/100 — MITTEL
  • CVSS 9.9 — Kritisch
  • Weniger als 24 Stunden alt

Beschreibung

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec() function without sandboxing, input validation, or privilege restrictions, enabling any authenticated user to execute arbitrary system commands with the full privileges of the Langflow server process.

Referenzen