CVE-2026-3357

Source
https://cve.org/CVERecord?id=CVE-2026-3357
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3357.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3357
Published
2026-04-08T01:16:41.057Z
Modified
2026-07-15T06:01:09.116439Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

References

Affected packages

Git / github.com/langflow-ai/langflow

Affected ranges

Type
GIT
Repo
https://github.com/langflow-ai/langflow
Events
Database specific
{
    "cpe": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.6.0"
        },
        {
            "fixed": "1.8.3"
        }
    ],
    "source": "CPE_RANGE"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3357.json"