CVE-2026-3357

Published: Apr 8, 2026Modified: Apr 14, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: psirt@us.ibm.com

Description

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

Affected (1)

Products: Langflow: Langflow

Langflow

1 product

Langflow

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langflow Langflow	From 1.6.0 to 1.8.3

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

https://www.ibm.com/support/pages/node/7268428

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.