The vulnerability is an arbitrary file write flaw that allows an authenticated attacker to upload a file to any path on the host system using the POST /api/v2/files/ endpoint. Because the underlying storage layer does not enforce boundary checks and relies solely on a HTTP-layer validation that can be bypassed, an attacker can place malicious code or scripts on the server. Writing a reverse‑shell script, for example, gives the attacker full control over the host, compromising confidentiality, integrity, and availability. This flaw is reflected by multiple CWE identifiers, including External Control of File Name and Unchecked Input Leading to Uncontrolled File Write.

The affected vendor is langflow‑ai, with its Langflow product. Versions 1.2.0 through 1.8.1 are vulnerable. The issue was addressed in version 1.9.0, which includes a proper boundary check for file names and removed the exposed endpoint vulnerability.

With a CVSS score of 10 a, the flaw is critical. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. The exploit requires authentication and an active session on the API, so it is more likely to be used by internal or compromised user accounts. However, once a file is written, the attacker can execute arbitrary code, making it high risk. The design flaw remains after the patch for CVE‑2025‑68478 was bypassed, indicating a deep architectural issue.