CVE-2026-3357
CVE-2026-3357
8.8
HighPublished:
Last updated:
Source:psirt@us.ibm.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
References
psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7268428