{"api_version":"1","generated_at":"2026-07-17T22:47:43+00:00","cve":"CVE-2026-8635","urls":{"html":"https://cve.report/CVE-2026-8635","api":"https://cve.report/api/cve/CVE-2026-8635.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-8635","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-8635"},"summary":{"title":"Arbitrary Code Execution in Python Interpreter Component","description":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.","state":"PUBLISHED","assigner":"ibm","published_at":"2026-07-17 20:17:31","updated_at":"2026-07-17 20:17:31"},"problem_types":["CWE-94","CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')"],"metrics":[{"version":"3.1","source":"psirt@us.ibm.com","type":"Primary","score":"9.9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278925","name":"https://www.ibm.com/support/pages/node/7278925","refsource":"psirt@us.ibm.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-8635","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8635","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"IBM","product":"Langflow OSS","version":"affected 1.0.0 1.10.0 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"XlabAI (XlabAITeam) xlabai@tencent.com","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"],"product":"Langflow OSS","vendor":"IBM","versions":[{"lessThanOrEqual":"1.10.0","status":"affected","version":"1.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"XlabAI (XlabAITeam) xlabai@tencent.com"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.</p>"}],"value":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-17T19:02:03.977Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7278925"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM strongly recommends addressing the vulnerability now by upgrading <a href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\">Langflow OSS to version 1.10.1</a></p>"}],"value":"IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"}],"title":"Arbitrary Code Execution in Python Interpreter Component","x_generator":{"engine":"ibm-cvegen"}}},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2026-8635","datePublished":"2026-07-17T19:02:03.977Z","dateReserved":"2026-05-14T19:17:56.124Z","dateUpdated":"2026-07-17T19:02:03.977Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-17 20:17:31","lastModifiedDate":"2026-07-17 20:17:31","problem_types":["CWE-94","CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')"],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"8635","Ordinal":"1","Title":"Arbitrary Code Execution in Python Interpreter Component","CVE":"CVE-2026-8635","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"8635","Ordinal":"1","NoteData":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.","Type":"Description","Title":"Arbitrary Code Execution in Python Interpreter Component"}]}}}