IBM Langflow Desktop Code Validation Endpoint Authenticated Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in IBM Langflow Desktop versions 1.0.0 prior to 1.8.4. The issue arises in the code validation functionality, where the /api/v1/validate/code endpoint improperly uses Python's exec() to execute user-supplied input. This flaw allows authenticated attackers to inject malicious decorators that are executed immediately during validation, enabling arbitrary command execution on the server with the same privileges as the Langflow backend service. As a result, this vulnerability could lead to a full system compromise and unauthorized access to sensitive data, such as API keys and database credentials.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server, with the same privileges as the Langflow backend service. This could result in a full system compromise and unauthorized access to sensitive environment variables, including API keys and database credentials.

Remediation

Users are advised to upgrade to IBM Langflow Desktop version 1.9.0 or newer. Instructions for downloading Langflow Desktop are available on the Langflow website.