CVE-2026-14499

Summary

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component.

Affected Software

VendorProductVersion RangeStatus
IBMLangflow OSS1.0.0 <= 1.10.1affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References