CVE-2026-8635
Received
Received - Intake
Authenticated Privilege Escalation in IBM Langflow OSS
Vulnerability report for CVE-2026-8635, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: IBM Corporation
Description
Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | langflow | From 1.0.0 (inc) to 1.10.0 (inc) |
| ibm | langflow_oss | From 1.0.0 (inc) to 1.10.0 (inc) |
| ibm | langflow_oss | 1.10.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |