CVE-2026-3357
IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
IBM · Langflow DesktopWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →