30 matches found
CVE-2026-3357
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...
CVE-2026-3357 IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...
CVE-2026-3357
IBM Langflow Desktop versions 1.6.0–1.8.2 are affected by CVE-2026-3357 due to unsafe deserialization in the FAISS Vector Store component, enabling an authenticated user to execute arbitrary code on the system. The vulnerability stems from a default setting that allows loading untrusted Python Pi...
Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
Summary IBM Langflow Desktop supports retrieval-augmented generation RAG workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...
EUVD-2024-2778
Malicious code in bioql PyPI...
CVE-2024-5998
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...
LangChain pickle deserialization of untrusted data
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...
GHSA-F2JM-RW3H-6PHG LangChain pickle deserialization of untrusted data
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...
CVE-2024-5998
Technical details for CVE-2024-5998 (LangChain FAISS deserialize_from_bytes) are not provided in the connected documents. Monitor official advisories for affected versions, impact, and fixes.
LangChain 代码问题漏洞
LangChain is a LangChain open source implementation of a locally hosted chatbot dedicated to answering questions via LangChain documents. LangChain suffers from a code issue vulnerability that stems from the FAISS.deserializefrombytes function's pickle deserialization of untrustworthy data, which...