Ibm · Langflow Oss · CVE-2026-8481
**Name of the Vulnerable Software and Affected Versions**
IBM Langflow OSS versions 1.0.0 through 1.10.0
**Description**
An issue exists in the code validation API endpoint that allows authenticated users to execute arbitrary system commands with the full privileges of the server process. The endpoint 'POST /api/v1/validate/code' accepts user-supplied Python code and executes it using the `exec()` function without sandboxing, input validation, or privilege restrictions.
**Recommendations**
Update IBM Langflow OSS to a version later than 1.10.0.
As a temporary mitigation, restrict access to the 'POST /api/v1/validate/code' endpoint.