CVE-2026-7524
Severity: CRITICAL
WAF: High
CVSS 9.8
Published: 2026-05-27
CWE-22
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| langflow | langflow | 1.0.0 - 1.9.1 |
References
- www.ibm.com (Vendor Advisory)