Lucene search
+L

30 matches found

OSV
OSV
added 2026/04/08 1:16 a.m.2 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 12:19 a.m.19 views

CVE-2026-3357 IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS0.00466EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 12:19 a.m.316 views

CVE-2026-3357

IBM Langflow Desktop versions 1.6.0–1.8.2 are affected by CVE-2026-3357 due to unsafe deserialization in the FAISS Vector Store component, enabling an authenticated user to execute arbitrary code on the system. The vulnerability stems from a default setting that allows loading untrusted Python Pi...

8.8CVSS6.3AI score0.00466EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 9:37 p.m.9 views

Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

Summary IBM Langflow Desktop supports retrieval-augmented generation RAG workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...

8.8CVSS6.7AI score0.00466EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2778

Malicious code in bioql PyPI...

7.8CVSS5.4AI score0.00358EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-5998

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...

5.2CVSS7.4AI score0.00358EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/09/17 12:30 p.m.19 views

LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...

7.8CVSS5.6AI score0.00358EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/09/17 12:30 p.m.34 views

GHSA-F2JM-RW3H-6PHG LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...

8.4CVSS5.5AI score0.00358EPSS
Exploits1References5
CVE
CVE
added 2024/09/17 11:50 a.m.78 views

CVE-2024-5998

Technical details for CVE-2024-5998 (LangChain FAISS deserialize_from_bytes) are not provided in the connected documents. Monitor official advisories for affected versions, impact, and fixes.

7.8CVSS5.5AI score0.00358EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

LangChain 代码问题漏洞

LangChain is a LangChain open source implementation of a locally hosted chatbot dedicated to answering questions via LangChain documents. LangChain suffers from a code issue vulnerability that stems from the FAISS.deserializefrombytes function's pickle deserialization of untrustworthy data, which...

7.8CVSS6.1AI score0.00358EPSS
Exploits1References3
Rows per page
Query Builder