# CVE-2026-6543

> Vulnerability · severity: **HIGH** (CVSS 8.8).

## Description

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

## Key facts

- **CVE ID:** CVE-2026-6543
- **Published:** 2026-04-30
- **CVSS severity:** HIGH
- **CVSS base score:** 8.8
- **CWE codes:** CWE-94

## Affected products

- `langflow:langflow_desktop`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-6543

## Citation

> AI Analytics. CVE-2026-6543. Retrieved 2026-07-14 from https://api.ai-analytics.org/cve/CVE-2026-6543. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*