{"id":"CVE-2026-7873","details":"IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.","modified":"2026-07-15T06:01:31.267405Z","published":"2026-06-30T20:17:31.750Z","references":[{"type":"ADVISORY","url":"https://www.ibm.com/support/pages/node/7278441"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langflow-ai/langflow","events":[{"introduced":"24d9e86885b877ea3e9d03cbc50b963765489721"},{"last_affected":"f1b64b1c6f46cc49f7729664bdb6d6204bce5fba"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.0.0"},{"last_affected":"1.10.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7873.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}