• Category: Security
  • Status: confirmed
  • Sources: Langflow security advisories, SecurityWeek, The Hacker News
  • Summary: CVE-2026-5027 (CVSS 8.8) is a path traversal flaw in the POST /api/v2/files endpoint of Langflow, an open-source visual platform for building AI agents and RAG workflows. The filename multipart parameter is not sanitized, allowing ../ sequences to write files to arbitrary filesystem locations. Langflow enables unauthenticated auto-login by default, making the endpoint reachable without credentials. VulnCheck detected first in-the-wild exploitation on 2026-06-08. Censys identifies approximately 7,000 publicly exposed Langflow instances. Fixed in version 1.9.0 (2026-04-15); upgrade to 1.10.0 is the current recommendation.
  • Why it matters: Any Langflow instance reachable from the internet and running a version prior to 1.9.0 is actively being targeted; arbitrary file write enables cron-based persistence and lateral movement on the host.
  • Follow-up: Watch for CISA KEV formal addition.

Send feedback on this story