IBM Langflow OSS Remote Code Execution Vulnerability via Symbolic Link Misvalidation

Vulnerability

A remote code execution vulnerability exists in IBM Langflow OSS versions 1.0.0 through 1.9.1. The flaw is improper validation of symbolic links when extracting tar archives: a symlink member in an uploaded archive is extracted as-is, so a later read of the extracted file follows the link to an arbitrary path on the file system. Where users can upload documents, a crafted tar file can therefore link to sensitive files such as Langflow OSS' JWT secret key. Once the linked file is processed and stored in the vector database, the attacker can retrieve its contents through chatbot queries; because the JWT secret is what signs authentication tokens, this can lead to authentication bypass and, from there, to remote code execution via the Python Interpreter node.
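The following Python script is an added illustration of the extraction flaw described above; it is not Langflow's code and makes no claim about where Langflow stores its secret. It assumes the vulnerable pattern is a tar extraction that accepts symlink members followed by a read of the extracted file, which is the pattern the advisory describes. The "secret" file, the archive and the member name upload.txt are all constructed here. It builds a tar whose only member is a symlink to a file outside the extraction directory, shows that naive extraction plus a read leaks that file, and shows a hardened extractor that rejects link members and path traversal (on Python 3.12+ and the patched 3.8 to 3.11 releases, tarfile's built-in filter="data" refuses such links as well). Symlink creation requires Linux or macOS.

```python
import io
import tarfile
import tempfile
from pathlib import Path

# Constructed stand-in for a sensitive file on the host (the advisory names
# Langflow's JWT secret; the contents and path here are assumptions).
SECRET_CONTENT = b"JWT_SECRET=constructed-secret-value\n"


def build_symlink_tar(link_name: str, target: str) -> bytes:
    """Build an in-memory tar whose only member is a symlink named
    link_name pointing at target (an absolute path outside the archive)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name=link_name)
        info.type = tarfile.SYMTYPE
        info.linkname = target
        tar.addfile(info)  # no data: a symlink member carries only linkname
    return buf.getvalue()


def extract_naive(archive: bytes, dest: Path) -> None:
    """Vulnerable pattern: extract every member as-is, symlinks included.
    On tarfile versions that have extraction filters, explicitly ask for
    'fully_trusted' so the behaviour stays the unvalidated one."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        kwargs = {"filter": "fully_trusted"} if hasattr(tarfile, "fully_trusted_filter") else {}
        tar.extractall(dest, **kwargs)


def safe_members(tar: tarfile.TarFile, dest: Path):
    """Yield only members that are safe to write under dest: no symlinks or
    hard links, no device nodes, and no path that resolves outside dest."""
    dest = dest.resolve()
    for m in tar.getmembers():
        if m.issym() or m.islnk():
            raise ValueError(f"rejected link member: {m.name} -> {m.linkname}")
        if m.isdev():
            raise ValueError(f"rejected device member: {m.name}")
        target = (dest / m.name).resolve()  # absolute names and '..' end up outside dest
        if target != dest and dest not in target.parents:
            raise ValueError(f"rejected path traversal: {m.name}")
        yield m


def extract_hardened(archive: bytes, dest: Path) -> None:
    """Hardened pattern: validate members first, then extract; also use the
    stdlib 'data' filter where available as a second layer."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        members = list(safe_members(tar, dest))  # raises before anything is written
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **kwargs)


def ingest(path: Path) -> bytes:
    """Stand-in for the document-processing step: it simply reads the
    extracted file, which follows a symlink if that is what was extracted."""
    return path.read_bytes()


def demo() -> dict:
    """Run both extractors against the same crafted archive and report
    whether the secret leaked and whether the hardened path blocked it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        secret = tmp / "host_secret.env"  # constructed target outside the upload dir
        secret.write_bytes(SECRET_CONTENT)
        archive = build_symlink_tar("upload.txt", str(secret))

        naive_dest = tmp / "naive"
        naive_dest.mkdir()
        extract_naive(archive, naive_dest)
        leaked = ingest(naive_dest / "upload.txt")  # follows the link to the secret

        hard_dest = tmp / "hardened"
        hard_dest.mkdir()
        try:
            extract_hardened(archive, hard_dest)
            blocked = False
        except ValueError:
            blocked = True
        return {
            "leaked": leaked == SECRET_CONTENT,
            "blocked": blocked,
            "hardened_files": sorted(p.name for p in hard_dest.iterdir()),
        }


if __name__ == "__main__":
    print(demo())
```

The explicit member check is kept alongside the stdlib filter because the filter argument is absent on older Python releases, and because rejecting link members outright is simpler to reason about than allowing links that happen to resolve inside the destination.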

Impact

Exploitation of this vulnerability gives an attacker read access to arbitrary files on the host file system, allowing the extraction of sensitive data. Where the leaked file is the JWT secret key, this can lead to authentication bypass and remote code execution.

Remediation

Users are advised to upgrade IBM Langflow OSS to version 1.9.2.

Added: May 28, 2026, 5:10 AM
Updated: May 28, 2026, 5:10 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 5.2
remediation: 0.0
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.