Cyber Resilience

CVE-2026-10134

CriticalRCE

Published: 30 June 2026

Published
30 June 2026
Modified
02 July 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0031 23.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-10134 is a critical-severity Code Injection (CWE-94) vulnerability in Langflow Langflow. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse…

more

cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

CWE-94 code injection in public-facing Langflow enables T1190 exploitation and attacker-controlled code execution (Python-based tool_code) on API calls for persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-57439Shared CWE-94
CVE-2025-28993Shared CWE-94
CVE-2024-10263Shared CWE-94
CVE-2021-26120Shared CWE-94
CVE-2022-2636Shared CWE-94
CVE-2024-46076Shared CWE-94
CVE-2024-13645Shared CWE-94
CVE-2023-33131Shared CWE-94
CVE-2022-1609Shared CWE-94
CVE-2024-48453Shared CWE-94

Affected Assets

langflow
langflow
1.0.0 — 1.9.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

addresses: CWE-94

Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.

addresses: CWE-94

Validates inputs used in dynamic code generation to block injected directives.

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.

References