PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13448 IBM CVE debrief

IBM Langflow OSS 1.0.0 through 1.10.1 contains an unauthenticated remote code execution vulnerability in the public flow build endpoint (/api/v1/build_public_tmp/{flow_id}/flow). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. This allows an attacker to execute arbitrary code on the affected system. The vulnerability has a high impact on the system and requires immediate attention.

Vendor
IBM
Product
Langflow OSS
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of IBM Langflow OSS 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to mitigate it. The vulnerability has a high impact on the system, and users should review the official advisory for more details. Security teams and operators should prioritize patching or mitigating the vulnerability to prevent potential attacks.

Technical summary

The vulnerability is caused by an incomplete denylist in the validate_public_flow_no_code_execution() function, which fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. This allows an attacker to execute arbitrary code on the affected system. The affected product is IBM Langflow OSS 1.0.0 through 1.10.1, and the vulnerability has a high CVSS score of 8.1.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor's patch or update to a version that addresses this vulnerability.
  • Implement additional security controls, such as authentication and authorization, to restrict access to the affected endpoint.
  • Monitor the system for suspicious activity and implement incident response plans in case of a potential exploit.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-17T20:17:14.713Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. Users should review the official advisory for more details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T20:17:14.713Z and has not been modified since then.