Security
Langflow CVE-2026-5027: path traversal RCE actively exploited on ~7,000 exposed instances
- Category: Security
- Status: confirmed
- Sources: Langflow security advisories, SecurityWeek, The Hacker News
- Summary: CVE-2026-5027 (CVSS 8.8) is a path traversal flaw in the
POST /api/v2/filesendpoint of Langflow, an open-source visual platform for building AI agents and RAG workflows. Thefilenamemultipart parameter is not sanitized, allowing../sequences to write files to arbitrary filesystem locations. Langflow enables unauthenticated auto-login by default, making the endpoint reachable without credentials. VulnCheck detected first in-the-wild exploitation on 2026-06-08. Censys identifies approximately 7,000 publicly exposed Langflow instances. Fixed in version 1.9.0 (2026-04-15); upgrade to 1.10.0 is the current recommendation. - Why it matters: Any Langflow instance reachable from the internet and running a version prior to 1.9.0 is actively being targeted; arbitrary file write enables cron-based persistence and lateral movement on the host.
- Follow-up: Watch for CISA KEV formal addition.