CVE-2026-3357
Published: 08 April 2026
Summary
CVE-2026-3357 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Langflow Langflow. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-3357 affects IBM Langflow Desktop versions 1.6.0 through 1.8.2, where an insecure default setting in the FAISS component permits the deserialization of untrusted data. This vulnerability enables an authenticated user to execute arbitrary code on the system and is classified under CWE-502 (Deserialization of Untrusted Data). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.
An authenticated user with low privileges can exploit this issue remotely by providing malicious input that triggers unsafe deserialization in the FAISS component. No user interaction is required, allowing the attacker to achieve arbitrary code execution on the targeted system, potentially leading to full compromise.
IBM provides details on mitigations and patches in their security advisory at https://www.ibm.com/support/pages/node/7268428.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20023
Vulnerability details
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: faiss, langflow
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote arbitrary code execution via unsafe deserialization by a low-privileged authenticated user, directly enabling Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through vendor patches directly addresses and corrects the insecure deserialization vulnerability in the FAISS component.
Establishing and enforcing secure configuration settings mitigates the insecure default that permits deserialization of untrusted data.
Information input validation helps prevent the processing of malicious serialized data that exploits the deserialization flaw.