{"vulnerability": "cve-2026-10561", "sightings": [{"uuid": "6d3a191d-11c8-49bb-bf00-0334554ac054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116794133423406732", "content": "A new vulnerability with increased severity was disclosed for IBM Langflow OSS (CVE-2026-10561) https://vuldb.com/vuln/372672", "creation_timestamp": "2026-06-22T14:04:10.819432Z"}, {"uuid": "bda7b1c6-0e9d-43f5-9fb2-c9d5db2ee5d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10561", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116794354131566974", "content": "IBM Langflow OSS v1.0.0 \u2013 1.9.3 hit by CRITICAL code injection (CVE-2026-10561, CVSS 10). Auth bypass enables unauth'd RCE & total compromise. No patch yet \u2014 track IBM advisories for updates. https://radar.offseq.com/threat/cve-2026-10561-cwe-94-improper-control-of-generati-066ce4d0e72e70d2 #OffSeq #Infosec #CVE202610561", "creation_timestamp": "2026-06-22T15:00:15.139173Z"}, {"uuid": "4a41ff7b-4053-4ecd-916a-dec10509cf77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10561", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mov5n7s5ms2m", "content": "CRITICAL code injection in IBM Langflow OSS (1.0.0 \u2013 1.9.3): CVE-2026-10561 enables unauthenticated RCE. No patch yet \u2014 monitor IBM advisories. https://radar.offseq.com/threat/cve-2026-10561-cwe-94-improper-control-of-generati-066ce4d0e72e70d2 #OffSeq #Vuln #CVE202610561", "creation_timestamp": "2026-06-22T15:00:15.896902Z"}, {"uuid": "cca50acb-8698-40a5-b2a2-f6be81f07e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movakaqy3q2m", "content": "CVE-2026-10561 - Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection\nCVE ID : CVE-2026-10561\n \n Published : June 22, 2026, 1:22 p.m. | 2\u00a0hours, 21\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerabilit...", "creation_timestamp": "2026-06-22T15:52:17.216940Z"}, {"uuid": "f32c1847-8130-43e3-8cde-503072df441a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movcuf36ud2y", "content": "CVE-2026-10561 - Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection\nCVE ID : CVE-2026-10561\n \n Published : June 22, 2026, 1:22 p.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability...", "creation_timestamp": "2026-06-22T16:33:44.652960Z"}, {"uuid": "a1517023-31ce-403e-b574-1e5e04669d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mow2ap6a2o2f", "content": "\ud83d\udea8  ALERT: CVE-2026-10561\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nIBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in c", "creation_timestamp": "2026-06-22T23:32:13.878472Z"}, {"uuid": "3ee4e7cc-0e98-4049-82dd-2004695b4b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10561", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3moxeqyvn5t22", "content": "CVE-2026-10561 - Critical auth bypass in IBM Langflow. Unauthenticated RCE via Python execution isolation flaw. CVSS 10.0. No patch available\u2014disconnect or mitigate immediately. #CVE #infosec #IBM\n\nhttps://www.valtersit.com/cve/CVE-2026-10561/", "creation_timestamp": "2026-06-23T12:12:58.444034Z"}]}