CVE-2026-13448
Received Received - Intake

Unauthenticated Remote Code Execution in IBM Langflow OSS

Vulnerability report for CVE-2026-13448, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm langflow_oss From 1.0.0 (inc) to 1.10.1 (inc)
ibm langflow From 1.0.0 (inc) to 1.10.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

IBM Langflow OSS versions 1.0.0 through 1.10.1 have an unauthenticated remote code execution flaw in the public flow build endpoint at /api/v1/build_public_tmp/{flow_id}/flow. The issue occurs because the validate_public_flow_no_code_execution() function's denylist is incomplete, allowing code-execution agent components like OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent to bypass restrictions.

Detection Guidance

Detecting this vulnerability requires checking for unauthorized access to the /api/v1/build_public_tmp/{flow_id}/flow endpoint. Monitor network traffic for requests to this path. Check application logs for unusual build_public_tmp flow executions. Verify if any of the blocked agents (OpenDsStarAgent, CodeActAgentSmolagents, CSVAgent) are present in active flows.

Impact Analysis

An attacker could exploit this to execute arbitrary code on the server without authentication, potentially taking control of the system, stealing data, or disrupting services. This could lead to unauthorized access to sensitive information or system compromise.

Compliance Impact

This vulnerability could lead to unauthorized data access or exfiltration, violating GDPR's data protection requirements and HIPAA's safeguards for protected health information. Organizations may face compliance violations, fines, or legal consequences if exploited.

Mitigation Strategies

Immediately upgrade to a patched version of IBM Langflow OSS beyond 1.10.1. Temporarily disable the public flow build endpoint if not required. Implement strict input validation for all API endpoints. Review and update denylists to explicitly block all code-execution agent components mentioned in the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart