{"vulnerability": "CVE-2026-10561", "sightings": [{"uuid": "6d3a191d-11c8-49bb-bf00-0334554ac054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116794133423406732", "content": "A new vulnerability with increased severity was disclosed for IBM Langflow OSS (CVE-2026-10561) https://vuldb.com/vuln/372672", "creation_timestamp": "2026-06-22T14:04:10.819432Z"}, {"uuid": "bda7b1c6-0e9d-43f5-9fb2-c9d5db2ee5d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10561", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116794354131566974", "content": "IBM Langflow OSS v1.0.0 \u2013 1.9.3 hit by CRITICAL code injection (CVE-2026-10561, CVSS 10). Auth bypass enables unauth'd RCE & total compromise. No patch yet \u2014 track IBM advisories for updates. https://radar.offseq.com/threat/cve-2026-10561-cwe-94-improper-control-of-generati-066ce4d0e72e70d2 #OffSeq #Infosec #CVE202610561", "creation_timestamp": "2026-06-22T15:00:15.139173Z"}, {"uuid": "cca50acb-8698-40a5-b2a2-f6be81f07e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movakaqy3q2m", "content": "CVE-2026-10561 - Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection\nCVE ID : CVE-2026-10561\n \n Published : June 22, 2026, 1:22 p.m. | 2\u00a0hours, 21\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerabilit...", "creation_timestamp": "2026-06-22T15:52:17.216940Z"}, {"uuid": "4a41ff7b-4053-4ecd-916a-dec10509cf77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10561", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mov5n7s5ms2m", "content": "CRITICAL code injection in IBM Langflow OSS (1.0.0 \u2013 1.9.3): CVE-2026-10561 enables unauthenticated RCE. No patch yet \u2014 monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-10561-cwe-94-improper-control-of-generati-066ce4d0e72e70d2 #OffSeq #Vuln #CVE202610561", "creation_timestamp": "2026-06-22T15:00:15.896902Z"}, {"uuid": "f32c1847-8130-43e3-8cde-503072df441a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movcuf36ud2y", "content": "CVE-2026-10561 - Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection\nCVE ID : CVE-2026-10561\n \n Published : June 22, 2026, 1:22 p.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability...", "creation_timestamp": "2026-06-22T16:33:44.652960Z"}, {"uuid": "a1517023-31ce-403e-b574-1e5e04669d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mow2ap6a2o2f", "content": "\ud83d\udea8  ALERT: CVE-2026-10561\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nIBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in c", "creation_timestamp": "2026-06-22T23:32:13.878472Z"}]}