IBM has issued a critical security alert regarding a vulnerability in the Langflow open-source AI framework, identified as CVE-2026-7524, with a critical CVSS score of 9.8. This flaw enables attackers to read arbitrary system files and execute remote code, potentially leading to a full system compromise. The issue lies in the framework's file processing components, where malicious symbolic links can be uploaded in crafted archives.
To prevent exploitation, users are urged to upgrade to version 1.9.2 immediately, as the vulnerability affects all installations from version 1.0.0 to 1.9.1.
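The alert attributes the flaw to symbolic links carried inside uploaded archives. As an added illustration (not Langflow's code and not the fix shipped in 1.9.2), the Python sketch below audits a tar upload for link entries and escaping paths before writing anything to disk; the function names, sample archive and placeholder link target are constructed for this example.

```python
import io, os, posixpath, tarfile

SAMPLE_BODY = b'{"name": "demo"}'  # constructed file content for the sample archive

def audit_tar(data: bytes) -> list[str]:
    """Return reasons to reject the archive; an empty list means no findings."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            norm = posixpath.normpath(m.name)
            if m.issym() or m.islnk():
                findings.append(f"{m.name}: link entry -> {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                findings.append(f"{m.name}: special entry (device/FIFO)")
            if posixpath.isabs(m.name) or norm == ".." or norm.startswith("../"):
                findings.append(f"{m.name}: path escapes extraction root")
    return findings

def extract_regular_files(data: bytes, dest: str) -> list[str]:
    """Write only regular files under dest; raise if the audit has findings."""
    if (findings := audit_tar(data)):
        raise ValueError("archive rejected: " + "; ".join(findings))
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                continue
            # Resolve links already present in dest before trusting the path.
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"{m.name}: resolves outside {root}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(tar.extractfile(m).read())
            written.append(target)
    return written

def build_sample(with_link: bool) -> bytes:
    """Constructed sample archive built in memory (not a real upload)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("flows/example.json")
        info.size = len(SAMPLE_BODY)
        tar.addfile(info, io.BytesIO(SAMPLE_BODY))
        if with_link:
            link = tarfile.TarInfo("flows/notes.txt")
            link.type, link.linkname = tarfile.SYMTYPE, "/placeholder/outside/upload/dir"
            tar.addfile(link)
    return buf.getvalue()
```

Rejecting the whole archive on any link entry is stricter than resolving links one by one, and it avoids having to reason about where a link might point once other members are written.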