Impact
The vulnerability occurs in the /profile_pictures/{folder_name}/{file_name} endpoint of Langflow, where the folder_name and file_name path parameters are not properly validated. This allows an attacker to input directory traversal sequences and read arbitrary files on the server, including sensitive files such as secret keys. The primary consequence is a confidentiality breach, granting unauthorized access to privileged configuration data and potentially enabling further compromise.
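The validation this class of flaw calls for, as an added example (not Langflow's code and not the actual 1.7.1 patch): each path parameter must be a single plain component, and the resolved path must stay under the picture root. The function name, directory layout and sample requests are constructed for illustration.

```python
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """The request would resolve outside the picture root."""


def resolve_profile_picture(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Map the two path parameters to a file under base_dir, or raise."""
    for part in (folder_name, file_name):
        # Each parameter must be exactly one plain path component.
        if (not part or part in (".", "..") or "\x00" in part
                or "/" in part or "\\" in part):
            raise UnsafePathError(f"invalid path component: {part!r}")
    root = base_dir.resolve()
    candidate = (root / folder_name / file_name).resolve()
    # Check containment after resolving, so a symlink inside the root
    # that points elsewhere is rejected as well.
    if not candidate.is_relative_to(root):
        raise UnsafePathError("resolved path escapes the picture root")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "profile_pictures"
        (root / "avatars").mkdir(parents=True)
        (root / "avatars" / "a.svg").write_text("<svg/>")
        secret = Path(tmp) / "secret_key"  # stands in for a sensitive file
        secret.write_text("constructed-secret")
        (root / "avatars" / "link.svg").symlink_to(secret)
        for req in [("avatars", "a.svg"), ("..", "secret_key"),
                    ("avatars", "../../secret_key"), ("avatars", "link.svg")]:
            try:
                resolve_profile_picture(root, *req)
                results[req] = "served"
            except UnsafePathError:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(request, "->", outcome)
```

The symlink case passes the per-component check and is caught only by the containment test on the resolved path, which is why both checks are kept.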
Affected Systems
Any installation of Langflow prior to version 1.7.1 is affected. The product is Langflow, an AI workflow and agent development platform distributed by langflow-ai. The path traversal flaw exists in the download_profile_picture function and has been fixed in release 1.7.1 and later.
Risk and Exploitability
The CVSS score is 8.7, indicating a high severity vulnerability. The EPSS score is not available, and the flaw is not listed in CISA’s KEV catalog. The exploit is straightforward for anyone who can reach the endpoint; a crafted HTTP request with path traversal segments will read files outside the intended folder. The advisory does not detail authentication requirements, so it is only inferred that the endpoint may be publicly accessible or protected by existing authentication, and the risk depends on the deployment’s exposure. Nonetheless, the potential for unauthorized file read warrants urgent attention.