Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVE-2026-5027 · CVSS 8.8 · KEV · EXPLOITED
langflow · Langflow

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path trave

Description

The flaw can enable remote code execution (RCE), and because Langflow enables unauthenticated auto-login by default, attackers can reach the vulnerable endpoint without credentials.

Affected Products

Vendor   | Product  | Versions
langflow | Langflow | 0.8.3, 1.8.4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor      | Product              | Source        | Confidence
open source | open source langflow | cert_advisory | 90%

References

  • https://www.tenable.com/security/research/tra-2026-26
  • https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-5027.yaml (exploit, nuclei)

Related News (5 articles)

Tier D · CSO Online · 5h ago
Langflow RCE under active attack months after a patch was shipped
→ No new info (linked only)

Tier D · SecurityWeek · 4d ago
Hackers Exploit Langflow Vulnerability for Remote Code Execution
→ No new info (linked only)

Tier D · BleepingComputer · 4d ago
Path traversal flaw in AI dev platform Langflow exploited in attacks
→ No new info (linked only)

Tier D · The Hacker News · 5d ago
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
→ No new info (linked only)

Tier B · BSI Advisories · 77d ago
[NEW] [UNPATCHED] [high] Langflow: Multiple Vulnerabilities
→ No new info (linked only)
CVSS 3.1: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: Yes
Actively exploited: Yes
CWE: CWE-22
Published: Mar 27, 2026
Last enriched: 5h ago (v5)
Tags: path traversal, CVE-2026-5027, remote code execution, AI orchestration
Trending Score: 116
Source articles: 5
Independent: 5
Info Completeness: 10/14
Missing: epss, patch, iocs, mitre_attack


Related CVEs (5)

NONE · CVE-2026-33017 · EXP · KEV
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Trending: 1
HIGH · CVE-2026-33053
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with
HIGH · CVE-2026-33484
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any
HIGH · CVE-2026-33497
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpo
CRITICAL · CVE-2026-33309
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to th

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 27, 2026
Added to CISA KEV: Mar 27, 2026
Actively Exploited: Mar 30, 2026
Exploit Available: Mar 30, 2026
Discovered by ZDM: Apr 1, 2026
Updated (product): Jun 10, 2026
Updated (description, affectedVersions, tags): Jun 10, 2026
Updated (description, tags): Jun 11, 2026
Updated (affectedVersions, tags): Jun 15, 2026

Version History

Current version: v5 (last enriched 5h ago)

v5 · Tier D · 5h ago
Added affected versions up to 1.8.4 and updated patch available to version 1.9.0.
Fields: affectedVersions, tags
via CSO Online

v4 · Tier D · 4d ago
Added a detailed description of the vulnerability enabling remote code execution and included a new tag for remote code execution.
Fields: description, tags
via SecurityWeek

v3 · Tier D · 4d ago
Updated description with more technical detail, added affected versions, and specified the patch available in version 1.9.0.
Fields: description, affectedVersions, tags
via BleepingComputer

v2 · Tier D · 5d ago
Added product name 'Langflow' and confirmed CVSS score of 8.8.
Fields: product
via The Hacker News

v1 · 74d ago
Initial creation