2 matches found
CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...
CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...