CVE-2026-3357 · HIGH 8.8 · EPSS p36.7%

Description

IBM Langflow Desktop 1.6.0 through 1.8.2 could allow an authenticated user to execute arbitrary code on the system. The cause is an insecure default setting that permits deserialization of untrusted data in the FAISS component.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.47% probability of exploitation · percentile 36.7% · 2026-06-19T12:03:05Z
Published: 2026-04-08
Last modified: 2026-04-14

Underlying weaknesses · 1

CWE-502

References

  1. https://www.ibm.com/support/pages/node/7268428

Type: Weakness
Target: Deserialization of Untrusted Data (cwe-502)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6543
  2. CVE-2026-7524
  3. CVE-2026-6542
  4. CVE-2026-7528
  5. Langflow Code Injection Vulnerability
  6. CVE-2026-3071

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.