Impact
IBM Langflow Desktop versions up to and including 1.8.4 contain a path-traversal flaw in the file upload endpoint. A remote attacker who can send arbitrary HTTP requests to the service can embed directory-traversal sequences such as /../ in the URL path. The server resolves these sequences and exposes the contents of any file on its file system, allowing the attacker to read sensitive data. The weakness corresponds to CWE-22 and results in a confidentiality compromise without granting code execution or modification rights.
Affected Systems
The vulnerability applies to IBM Langflow Desktop versions 1.8.0 through 1.8.4; the CPE entry specifically references version 1.8.4. The vendor confirms that upgrading to version 1.9.0 or later eliminates the flaw.
Risk and Exploitability
The CVSS base score of 6.5 places the vulnerability in the medium severity range. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, indicating that large-scale exploitation has not been reported. Based on the description, the attack vector is inferred to be remote, requiring only the ability to send crafted HTTP requests to the API service. The exploit needs neither authentication nor privileged access, so any host that exposes the affected endpoint can be targeted. Because the flaw allows arbitrary files to be read, it may expose credentials, configuration files, or other sensitive data, resulting in a confidentiality compromise.
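As an added example (not IBM's or Langflow's code, and not a description of how the affected endpoint is implemented), the following Python shows the two defender-side pieces implied by the Impact section and by the risk discussion above: a containment check that a file-serving endpoint can apply to client-supplied paths before opening anything, and a triage helper that flags access-log requests whose path decodes to a traversal sequence. The storage directory, URL routes and log lines are constructed for the example and do not come from the advisory.

```python
"""Added example, not code from Langflow or IBM: a containment check for a
file-serving endpoint and a log triage helper for CWE-22 traversal attempts.
Directory names, routes and log lines below are constructed for the example."""
import re
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the storage root."""


def fully_decode(text, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def has_traversal_segment(path_text):
    """True if any '/'- or '\\'-separated segment of the decoded path is '..'."""
    decoded = fully_decode(path_text).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def safe_resolve(storage_root, requested):
    """Map a client-supplied relative path onto a file under storage_root.

    Rejects NUL bytes, absolute paths and '..' segments up front, then
    resolves symlinks and verifies the result is still inside the root, so
    a symlink planted inside the root cannot be used to escape it either.
    Returns the resolved Path; raises PathTraversalError otherwise.
    """
    decoded = fully_decode(requested)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in requested path")
    if decoded.startswith(("/", "\\")) or has_traversal_segment(decoded):
        raise PathTraversalError(f"rejected path: {requested!r}")
    root = Path(storage_root).resolve()
    candidate = (root / decoded).resolve()
    try:
        candidate.relative_to(root)
    except ValueError as exc:
        raise PathTraversalError(f"escapes storage root: {requested!r}") from exc
    return candidate


def is_contained(storage_root, requested):
    """Boolean convenience wrapper around safe_resolve for triage scripts."""
    try:
        safe_resolve(storage_root, requested)
        return True
    except PathTraversalError:
        return False


# Constructed access-log lines (not real traffic) in combined log format.
# The /files/download route is an assumption for the example, not Langflow's.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /files/download/flow1/diagram.png HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /files/download/flow1/..%2F..%2Fconfig%2Fsettings.ini HTTP/1.1" 200 1843
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /files/download/%252e%252e/%252e%252e/secrets.env HTTP/1.1" 200 210
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "POST /files/upload/flow2 HTTP/1.1" 201 64
"""

# client ip, request path and HTTP status from a combined-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|PUT|DELETE) (\S+) [^"]*" (\d{3})'
)


def flag_traversal_requests(log_text):
    """Return (client_ip, request_path, status) for requests whose path decodes
    to a traversal sequence. A 200 on such a request is the line to escalate,
    since the description says the server resolves the sequence and serves the file."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and has_traversal_segment(m.group(2)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


if __name__ == "__main__":
    print(safe_resolve("/tmp/uploads_demo", "flow1/diagram.png"))
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The check decodes percent-encoding before inspecting path segments, because a raw string comparison against "../" misses `..%2F` and double-encoded `%252e%252e`; it then relies on `Path.resolve()` plus `relative_to()` rather than on string prefixes, which also closes the symlink case. On the detection side, the same decoding is applied to the logged request path, and the HTTP status is kept so that successful (200) traversal requests can be separated from rejected probes.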
OpenCVE Enrichment