Vulnerability Details CVE-2026-7873
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 21.2%
CVSS Severity
CVSS v3 Score 9.9
Products affected by CVE-2026-7873
-
cpe:2.3:a:langflow:langflow:1.0.0
-
cpe:2.3:a:langflow:langflow:1.0.1
-
cpe:2.3:a:langflow:langflow:1.0.10
-
cpe:2.3:a:langflow:langflow:1.0.11
-
cpe:2.3:a:langflow:langflow:1.0.12
-
cpe:2.3:a:langflow:langflow:1.0.13
-
cpe:2.3:a:langflow:langflow:1.0.14
-
cpe:2.3:a:langflow:langflow:1.0.15
-
cpe:2.3:a:langflow:langflow:1.0.16
-
cpe:2.3:a:langflow:langflow:1.0.17
-
cpe:2.3:a:langflow:langflow:1.0.18
-
cpe:2.3:a:langflow:langflow:1.0.19
-
cpe:2.3:a:langflow:langflow:1.0.2
-
cpe:2.3:a:langflow:langflow:1.0.3
-
cpe:2.3:a:langflow:langflow:1.0.4
-
cpe:2.3:a:langflow:langflow:1.0.5
-
cpe:2.3:a:langflow:langflow:1.0.6
-
cpe:2.3:a:langflow:langflow:1.0.7
-
cpe:2.3:a:langflow:langflow:1.0.8
-
cpe:2.3:a:langflow:langflow:1.0.9
-
cpe:2.3:a:langflow:langflow:1.1.0
-
cpe:2.3:a:langflow:langflow:1.1.1
-
cpe:2.3:a:langflow:langflow:1.1.2
-
cpe:2.3:a:langflow:langflow:1.1.3
-
cpe:2.3:a:langflow:langflow:1.1.4
-
cpe:2.3:a:langflow:langflow:1.10.0
-
cpe:2.3:a:langflow:langflow:1.2.0
-
cpe:2.3:a:langflow:langflow:1.3.0
-
cpe:2.3:a:langflow:langflow:1.3.1
-
cpe:2.3:a:langflow:langflow:1.3.2
-
cpe:2.3:a:langflow:langflow:1.3.3
-
cpe:2.3:a:langflow:langflow:1.3.4
-
cpe:2.3:a:langflow:langflow:1.4.0
-
cpe:2.3:a:langflow:langflow:1.4.1
-
cpe:2.3:a:langflow:langflow:1.4.2
-
cpe:2.3:a:langflow:langflow:1.4.3
-
cpe:2.3:a:langflow:langflow:1.5.0
-
cpe:2.3:a:langflow:langflow:1.5.1
-
cpe:2.3:a:langflow:langflow:1.6.0
-
cpe:2.3:a:langflow:langflow:1.6.1
-
cpe:2.3:a:langflow:langflow:1.6.10
-
cpe:2.3:a:langflow:langflow:1.6.2
-
cpe:2.3:a:langflow:langflow:1.6.3
-
cpe:2.3:a:langflow:langflow:1.6.4
-
cpe:2.3:a:langflow:langflow:1.6.5
-
cpe:2.3:a:langflow:langflow:1.6.6
-
cpe:2.3:a:langflow:langflow:1.6.7
-
cpe:2.3:a:langflow:langflow:1.6.8
-
cpe:2.3:a:langflow:langflow:1.6.9
-
cpe:2.3:a:langflow:langflow:1.7.0
-
cpe:2.3:a:langflow:langflow:1.7.1
-
cpe:2.3:a:langflow:langflow:1.7.2
-
cpe:2.3:a:langflow:langflow:1.7.3
-
cpe:2.3:a:langflow:langflow:1.8.0
-
cpe:2.3:a:langflow:langflow:1.8.1
-
cpe:2.3:a:langflow:langflow:1.8.2
-
cpe:2.3:a:langflow:langflow:1.8.3
-
cpe:2.3:a:langflow:langflow:1.9.0
-
cpe:2.3:a:langflow:langflow:1.9.1
-
cpe:2.3:a:langflow:langflow:1.9.2
-
cpe:2.3:a:langflow:langflow:1.9.3
-
cpe:2.3:a:langflow:langflow:1.9.4