cvedb.io
CVE-2026-6543
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-30T22:16:26.467 · Last modified 2026-06-17T11:00:57.617

Summary

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Affected products

langflow — langflow_desktop

Does this affect you?

Add your gear to cvedb and we'll alert you only when langflow ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.