CVE-2026-9135
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...