CVE-2026-7524

Description

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

CVSS breakdown

Affected products

• ibm / langflow_oss1.0.0 – 1.0.0
• ibm / langflow_oss1.9.1 – 1.9.1

References

• MISChttps://www.ibm.com/support/pages/node/7273426