CVE-2026-7873: Code Injection Vulnerability in Code Validation Endpoint
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a code injection vulnerability in IBM Langflow OSS, versions 1.0.0 through 1.10.0, affecting the code validation endpoint. An attacker with any valid account can reach the vulnerable endpoint over the network and inject arbitrary OS commands without needing elevated privileges or any victim interaction. Successful exploitation gives the attacker full control of the underlying system, including the ability to read credentials, execute arbitrary commands, and move laterally to connected systems. No upstream fix has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment IBM releases one.
HarborGuard Coverage
Available: Detection capability is live across every HarborGuard environment. CVE-2026-7873 is matched against customer images, including custom-built images, within minutes of ingestion from upstream advisory feeds, flagging any image that carries IBM Langflow OSS in the affected range (1.0.0 through 1.10.0).
Available: HarborGuard scores this CVE at CVSS 9.9 (Critical) and weights it against each environment's compliance policy to determine urgency and routing. Findings are routed to the appropriate team inbox within each customer organization based on configured policy and image ownership.
Pending upstream: Because no upstream fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment IBM publishes a corrected release. In the interim, customers can use HarborGuard's policy controls to flag or block deployment of affected images across their pipelines.
Exploit Conditions
- Network reachability: Required
The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the service remotely.
- Authentication: Required
Any low-privilege authenticated account is sufficient to reach the vulnerable code validation endpoint; no administrative rights are needed.
- Victim interaction: Not required
No victim action is needed; the attacker sends a crafted request directly to the endpoint without requiring anyone to click a link or open a file.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race conditions, or memory-layout knowledge.
Blast Radius
- Reads sensitive files on the host, including stored credentials, API keys, and configuration secrets that may be used to access downstream systems.
- Executes arbitrary OS commands on the underlying host with the permissions of the Langflow process.
- Achieves full confidentiality, integrity, and availability impact on the compromised host, effectively constituting a complete system takeover.
- Enables lateral movement to adjacent systems or cloud environments using harvested credentials, extending the breach beyond the initial host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-7873 is active across all customer environments, matching images that carry IBM Langflow OSS in the affected range (1.0.0 through 1.10.0) against the advisory within minutes of ingestion. Because IBM has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-checks the advisory each ingest cycle and will make a rebuild available automatically once upstream publishes a corrected version; for customers with auto-remediation enabled, that rebuild triggers a regression run and opens a PR against affected workloads without manual intervention.
Given the critical severity and the absence of a patch, customers should consider the following interim measures:
- Use HarborGuard's network-policy isolation controls to restrict inbound access to the Langflow service to trusted principals only. Because any authenticated account is enough to trigger the flaw, this narrows who can reach the service but does not protect against an existing account holder; review who holds Langflow accounts as well.
- Apply egress filtering from the Langflow host or pod so that any command execution gained through the endpoint has limited reach into other systems.
- Evaluate whether the code validation endpoint can be disabled via feature flag or configuration until a fix is available.
- Since the flaw allows reading credentials stored on the host, keep the secrets available to the Langflow process scoped to what it actually needs, and treat them as exposed if there is any evidence of exploitation.
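A version-range check of the kind the matching described above has to perform, as an added illustration that is not HarborGuard's or Langflow's code. It assumes the image's SBOM lists the package under its PyPI name "langflow" and uses constructed component entries; the point it makes is that the affected range must be compared numerically, since a lexical string comparison clears 1.9.0 as if it were newer than 1.10.0:

```python
import re
from typing import Optional, Tuple

# Affected range as stated in the advisory: IBM Langflow OSS 1.0.0 through 1.10.0.
# The package name is an assumption (Langflow's PyPI distribution name); the
# SBOM entries further down are constructed for this example, not from a real image.
AFFECTED_PACKAGE = "langflow"
AFFECTED_MIN = (1, 0, 0)
AFFECTED_MAX = (1, 10, 0)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn '1.10.0' into (1, 10, 0). Returns None for strings that carry no
    numeric version ('latest', a git SHA) so the caller can flag them for review.
    A pre-release suffix such as '1.10.0rc1' is dropped, so the candidate sorts
    with its release and is flagged rather than silently skipped."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> Optional[bool]:
    """True/False for a parseable version, None if it cannot be classified."""
    v = parse_version(version)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def naive_is_affected(version: str) -> bool:
    """Lexical comparison, kept only to show the bug: '1.9.0' sorts after
    '1.10.0' character by character ('9' > '1'), so an affected release is missed."""
    return "1.0.0" <= version <= "1.10.0"


def scan_components(components):
    """Classify every SBOM component named langflow; other packages are ignored."""
    findings = []
    for comp in components:
        if comp.get("name", "").lower() != AFFECTED_PACKAGE:
            continue
        verdict = is_affected(comp.get("version", ""))
        status = {True: "affected", False: "not affected", None: "unparseable"}[verdict]
        findings.append((comp["name"], comp["version"], status))
    return findings


# Constructed sample: the 'components' list of a CycloneDX-style SBOM, trimmed
# to name and version.
SAMPLE_COMPONENTS = [
    {"name": "langflow", "version": "1.9.0"},
    {"name": "langflow", "version": "1.10.0"},
    {"name": "langflow", "version": "1.10.1"},
    {"name": "langflow", "version": "1.10.0rc1"},
    {"name": "langflow", "version": "latest"},
    {"name": "fastapi", "version": "0.115.0"},
]

if __name__ == "__main__":
    for name, version, status in scan_components(SAMPLE_COMPONENTS):
        print(f"{name} {version}: {status}")
    # The lexical comparison wrongly clears 1.9.0; the tuple comparison flags it.
    print("1.9.0 lexical:", naive_is_affected("1.9.0"), "tuple:", is_affected("1.9.0"))
```

Unparseable versions are reported rather than dropped, because an image tagged "latest" or pinned to a commit is exactly the kind of entry that a scanner silently skipping it would leave unexamined.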
- IBM / Langflow OSS: ≤ 1.10.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H