CVE-2026-9198
Undergoing Analysis Undergoing Analysis - In Progress

Unauthenticated Remote Code Execution in IBM Langflow OSS

Vulnerability report for CVE-2026-9198, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow deployments

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm langflow From 1.0.0 (inc) to 1.10.0 (inc)
ibm langflow_oss From 1.0.0 (inc) to 1.10.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9198 is a critical vulnerability in IBM Langflow OSS versions 1.0.0 through 1.10.0 that allows unauthenticated remote code execution (RCE). Attackers can exploit two combined issues: an endpoint that issues superuser tokens to any caller and another that executes arbitrary Python code. This chain enables full system compromise on default deployments.

Detection Guidance

Check if Langflow OSS versions 1.0.0 through 1.10.0 are running by inspecting the version in logs or API responses. Verify if the /api/v1/auto_login and /api/v1/validate/code endpoints are accessible without authentication. Monitor for unexpected superuser token generation or code execution attempts in logs.

Impact Analysis

If you use Langflow OSS versions 1.0.0 to 1.10.0 with default settings, attackers could gain full control of your system without authentication. This could lead to data theft, system damage, or unauthorized access to sensitive information.

Compliance Impact

This vulnerability could lead to unauthorized access or data breaches, violating GDPR and HIPAA requirements for data protection and access controls. Organizations may face legal penalties, reputational damage, and loss of compliance certifications.

Mitigation Strategies

Upgrade Langflow OSS to version 1.10.1 or later immediately. If upgrading is not possible, restrict network access to the vulnerable endpoints or disable the auto-login feature if not required. Ensure no unauthorized tokens or code executions have occurred.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9198. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart