Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to th

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.

Affected Products

Vendor	Product	Versions
langflow	langflow	< 1.9.0

References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c(Exploit, Mitigation, Vendor Advisory)

CVSS 3.19.9 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.9.0

CWECWE-22, CWE-73, CWE-94, CWE-284

PublishedMar 24, 2026

Last enriched43d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to th

Description

Affected Products

References

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline