CVSS 8.8 · HIGH

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Analysis

Langflow is a popular orchestration tool for LLM development and agent building. An RCE in this stack is highly relevant to developers using AI workflows, as it can lead to the compromise of sensitive environment variables like OpenAI or Anthropic API keys.

Severity

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-94

EPSS

Exploitation probability (next 30 days): 0.0004 (0.0%)
Percentile: 12.5%
EPSS: 2026-05-06

Technical description

IBM Langflow Desktop 1.0.0 through 1.8.4 allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Published: 30/4/2026, 22:16:26
Last modified: 1/5/2026, 15:27:15
