CVE-2026-8476
Received Received - Intake

Remote Code Execution in IBM Langflow OSS

Vulnerability report for CVE-2026-8476, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk without validation, integrity verification, or authentication, enabling arbitrary code execution when malicious pickle payloads are processed. Attackers who can influence cached data through file system access, malicious workflow inputs, custom components, or API manipulation can achieve complete system compromise with the privileges of the Langflow server process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm langflow From 1.0.0 (inc) to 1.10.0 (inc)
ibm langflow_oss From 1.0.0 (inc) to 1.10.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is a critical remote code execution vulnerability in IBM Langflow OSS versions 1.0.0 through 1.10.0. It exists in the disk-based caching mechanism where the AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects without validation or authentication. Attackers can exploit this by injecting malicious pickle payloads through file system access, workflow inputs, custom components, or API manipulation to execute arbitrary code on the server with the privileges of the Langflow process.

Detection Guidance

To detect this vulnerability, check if your system is running IBM Langflow OSS versions 1.0.0 through 1.10.0. Use commands like 'pip show langflow' or check version files in the Langflow installation directory. Inspect disk-based cache files for unusual or recently modified entries that may indicate malicious pickle payloads.

Impact Analysis

This vulnerability allows attackers to execute arbitrary code on the server running Langflow OSS. If exploited, it could lead to complete system compromise, data theft, unauthorized access, or disruption of services. The impact depends on the server's privileges, potentially affecting all data and operations managed by the Langflow instance.

Compliance Impact

This vulnerability could severely impact compliance with GDPR, HIPAA, and other regulations. Unauthorized code execution may lead to data breaches, exposing sensitive personal or health information. Organizations could face legal penalties, reputational damage, and loss of trust due to non-compliance with data protection requirements.

Mitigation Strategies

Immediately upgrade to Langflow OSS version 1.10.1 or later to patch the vulnerability. Since no workarounds exist, patching is the only mitigation. Ensure backups are taken before upgrading to avoid data loss during the process.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8476. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart