Key Findings Critical vulnerability CVE-2026-7524 in Langflow OSS framework allows arbitrary file reading and remote code execution with CVSS score of 9.8 Flaw exploits symlink handling in archive extraction across Docling, Docling Serve, and Unstructured API modules Attackers can steal JWT secrets, forge authorization tokens, and execute arbitrary Python code through chatbot queries Affects versions 1.0.0 through 1.9.1; patch available in version 1.9.2 Separate critical vuln