PatchSiren cyber security CVE debrief
CVE-2026-9202 IBM CVE debrief
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance. When NEW_USER_IS_ACTIVE=true, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing AUTO_LOGIN. This critical vulnerability affects users of Langflow OSS and requires immediate mitigation. Affected users should review deployment options, verify instance configurations, and implement compensating controls to mitigate the risk.
- Vendor
- IBM
- Product
- Langflow OSS
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of IBM Langflow OSS 1.0.0 through 1.10.0, security teams, and operators managing Langflow instances should be aware of this critical vulnerability and take immediate action to mitigate the risk. Vulnerability management and security teams should review and implement compensating controls, verify instance configurations, and monitor for suspicious account creation activity.
Technical summary
The vulnerability allows unauthenticated attackers to create unlimited user accounts on any Langflow instance. When NEW_USER_IS_ACTIVE=true, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing AUTO_LOGIN. The CVSS score for this vulnerability is 9.8, indicating a critical severity. Affected users should review deployment options, verify instance configurations, and implement compensating controls to mitigate the risk. The vulnerability highlights the importance of secure user account management and authentication mechanisms.
Defensive priority
High
Recommended defensive actions
- Apply the vendor patch or upgrade to a non-affected version
- Disable the NEW_USER_IS_ACTIVE deployment option
- Set AUTO_LOGIN to a secure value
- Monitor for suspicious account creation activity
- Implement additional security controls to prevent unauthorized access
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-17T18:17:17.490Z and was last modified on 2026-07-17T20:17:31.897Z. The NVD entry is currently Undergoing Analysis. Evidence is limited to CVE and NVD details. Defenders should verify Langflow instance configurations and user account management, focusing on NEW_USER_IS_ACTIVE and AUTO_LOGIN settings. Limited source details are available; defenders should exercise caution and consider additional verification steps.
Official resources
-
CVE-2026-9202 CVE record
CVE.org
-
CVE-2026-9202 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T18:17:17.490Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.