HIGHCVE-2026-3357Published Modified CNA ibm
CVE-2026-3357: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- IBM / Langflow Desktop≤ 1.8.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences