Home
Home
Trends
Trends
Vulnerabilities
Vulnerabilities
News
News
Researchers
Researchers
Why dbugs?
Why dbugs?
Settings

Kim Soohyun

#24461of 54,858
9.9Total CVSS
Vulnerabilities · 1
PT-2026-60865
9.9
2026-07-17
Ibm · Langflow Oss · CVE-2026-8481
**Name of the Vulnerable Software and Affected Versions** IBM Langflow OSS versions 1.0.0 through 1.10.0 **Description** An issue exists in the code validation API endpoint that allows authenticated users to execute arbitrary system commands with the full privileges of the server process. The endpoint 'POST /api/v1/validate/code' accepts user-supplied Python code and executes it using the `exec()` function without sandboxing, input validation, or privilege restrictions. **Recommendations** Update IBM Langflow OSS to a version later than 1.10.0. As a temporary mitigation, restrict access to the 'POST /api/v1/validate/code' endpoint.