CVE-2026-3357 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 8, 2026
IBM Langflow Desktop - Remote Code Execution
Published: April 8, 2026 | Updated: April 8, 2026 | Remote Exploitable
Overview
IBM Langflow Desktop 1.6.0 through 1.8.2 contains an insecure deserialization vulnerability caused by insecure default settings in the FAISS component, letting authenticated users execute arbitrary code on the system.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to the latest version beyond 1.8.2.
Details
- CVE ID: CVE-2026-3357
- Severity: High
- CVSS Score: 8.8
- Type: insecure_deserialization
- Status: new
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H