What is CVE-2026-6543?

CVE-2026-6543 is a high-severity vulnerability in Ibm Langflow Desktop, classified under Code Injection. CVSS score: 8.8/10. Published 2026-04-30.

How severe is CVE-2026-6543?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Ibm Langflow Desktop

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifyi…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ibm Langflow Desktop — versions 1.0.0
Langflow Langflow_desktop

Weakness classification (CWE)

CWE-94 — Code Injection

References

psirt@us.ibm.com (vendor-advisory, patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-6543?: CVE-2026-6543 is a high-severity vulnerability in Ibm Langflow Desktop, classified under Code Injection. CVSS score: 8.8/10. Published 2026-04-30.
How severe is CVE-2026-6543?: High severity. CVSS v3 base score is 8.8 out of 10.