Zero Day Monitor
CVE-2026-5027 · EXPLOITED · CVSS 8.8
langflow-ai · langflow

Langflow - Path Traversal Arbitrary File Write via upload_user_file

Description

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
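
The flaw class described above, next to a hardened form, as an added example (not Langflow's code and not its fix). The function names and the UPLOAD_ROOT path are hypothetical; the filename argument stands for the value taken from the multipart form data.

```python
import os
from pathlib import Path, PureWindowsPath

UPLOAD_ROOT = Path("/srv/app/uploads")  # hypothetical storage root


def naive_target(root: Path, filename: str) -> Path:
    """Flaw class from the description: client filename joined as-is.

    '../' segments climb out of the root, and an absolute filename
    replaces the root entirely.
    """
    return Path(os.path.normpath(root / filename))


def safe_target(root: Path, filename: str) -> Path:
    """Reduce the client filename to a bare name, then verify containment."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    # PureWindowsPath treats both '/' and '\\' as separators, so .name
    # drops every directory component whatever OS the client used.
    name = PureWindowsPath(filename).name
    if name in ("", ".", ".."):
        raise ValueError(f"no usable file name in {filename!r}")
    root = root.resolve()
    target = (root / name).resolve()
    # Defence in depth: the resolved path must still sit under the root.
    # This also catches a symlink already present in the upload directory.
    if not target.is_relative_to(root):
        raise ValueError(f"{filename!r} escapes the upload root")
    return target


if __name__ == "__main__":
    # Constructed sample filenames, as a client could send them.
    for sample in ["report.pdf", "../../../tmp/outside.txt", "/tmp/outside.txt"]:
        print(f"{sample!r}: naive={naive_target(UPLOAD_ROOT, sample)} "
              f"safe={safe_target(UPLOAD_ROOT, sample)}")
```

Storing uploads under a server-generated name and keeping the client's filename only as metadata removes the client's influence on the path altogether.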

Affected Products

Vendor | Product | Versions
langflow-ai | langflow | 0

References

  • https://www.tenable.com/security/research/tra-2026-26

Related News (1 article)

Tier C · VulDB · 4h ago
CVE-2026-5027 | langflow-ai langflow Multipart Form Data Parser /api/v2/files filename path traversal
→ No new info (linked only)

CVSS 3.1: 8.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-22
Published: 3/27/2026
Last enriched: 3h ago (v2)
Trending Score: 54
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Verification

State: unverified
Confidence: 0%

Version History

v2 · Tier C · 3h ago · via VulDB
Updated severity to CRITICAL and marked the vulnerability as actively exploited.
Changed fields: severity, activelyExploited

v1 · 4h ago
Initial creation