CVE-2026-7524

CRITICAL

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/27/2026Modified: 6/2/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-7524 — IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im...

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

CVE-2026-7524
NIST NVD

References (1)

https://www.ibm.com/support/pages/node/7273426Vendor Advisory