
IBM Langflow Desktop: Malicious User Can Run Unauthorized Code on System

CVE-2026-3357
Summary

IBM Langflow Desktop versions 1.6.0 to 1.8.2 allow an authenticated user to execute arbitrary code on the system. The cause is an insecure default setting that permits the deserialization of untrusted data in the FAISS component. To fix this, update to a newer version of IBM Langflow Desktop, and change the default security setting so that untrusted data is not deserialized and executed.

Original title
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization ...
Original description
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
NVD CVSS 3.1: 8.8
Vulnerability type
CWE-502 Deserialization of Untrusted Data
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026