CVE-2026-13448
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build e
CVSS
8.1
Alto
EPSS
—
KEV
—
Exploit Today
—
0-100
Publicado: 17 jul 2026 · Última mod.: 17 jul 2026
Sin historial EPSS suficiente todavía.
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent.
Sin CVEs relacionados por CWE o producto.