PatchSiren cyber security CVE debrief
CVE-2026-13448 IBM CVE debrief
IBM Langflow OSS 1.0.0 through 1.10.1 contains an unauthenticated remote code execution vulnerability in the public flow build endpoint (/api/v1/build_public_tmp/{flow_id}/flow). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. This allows an attacker to execute arbitrary code on the affected system. The vulnerability has a high impact on the system and requires immediate attention.
- Vendor
- IBM
- Product
- Langflow OSS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of IBM Langflow OSS 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to mitigate it. The vulnerability has a high impact on the system, and users should review the official advisory for more details. Security teams and operators should prioritize patching or mitigating the vulnerability to prevent potential attacks.
Technical summary
The vulnerability is caused by an incomplete denylist in the validate_public_flow_no_code_execution() function, which fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. This allows an attacker to execute arbitrary code on the affected system. The affected product is IBM Langflow OSS 1.0.0 through 1.10.1, and the vulnerability has a high CVSS score of 8.1.
Defensive priority
High
Recommended defensive actions
- Apply the vendor's patch or update to a version that addresses this vulnerability.
- Implement additional security controls, such as authentication and authorization, to restrict access to the affected endpoint.
- Monitor the system for suspicious activity and implement incident response plans in case of a potential exploit.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-17T20:17:14.713Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components, including OpenDsStarAgent, CodeActAgentSmolagents, and CSVAgent. Users should review the official advisory for more details.
Official resources
-
CVE-2026-13448 CVE record
CVE.org
-
CVE-2026-13448 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T20:17:14.713Z and has not been modified since then.