CVE-2026-8635

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
17/07/2026
Last modified:
17/07/2026

Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.

References to Advisories, Solutions, and Tools