CVE-2026-42048 - Vulnerability Details

- Langflow: Path Traversal in Langflow Knowledge Bases API

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. This vulnerability is fixed in 1.9.0.

Published: 2026-05-12

Score: 9.6 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Langflow versions before 1.9.0 are vulnerable to a path traversal flaw in the Knowledge Bases API. Unvalidated user supplied names become part of file system paths, allowing an authenticated attacker to delete any directory on the server. The flaw leads to loss of data and potential service disruption. The weakness is a classic directory traversal exploit (CWE-22).

Affected Systems

All installations of the Langflow AI platform with version numbers lower than 1.9.0 are affected. The vendor addressed the issue in release 1.9.0, which includes input sanitization for the DELETE /api/v1/knowledge_bases endpoint.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.6 and is classified as a critical weakness, but its EPSS score is currently unavailable and it is not listed in the CISA KEV catalog. Attackers require valid authentication to the API; once authenticated, they can execute the path traversal to delete arbitrary directories without further privileges. Given the high severity score and the potential to cripple services, the risk of exploitation is significant for exposed installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

langflow-ai

langflow

affected

Version	Status	Constraints
`< 1.9.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Langflow

92%

Version	Status	Scheme	Platform
`[0,1.9.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Langflow to version 1.9.0 or later, which sanitizes knowledge base names.
Restrict access to the DELETE /api/v1/knowledge_bases endpoint to trusted administrators and enforce least‑privilege file permissions on the server.
As an interim measure, disable or remove the DELETE capability for knowledge bases via configuration changes or API gateway rules.

Generated by OpenCVE AI on May 12, 2026 at 19:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-9whx-c884-c68q	Langflow Knowledge Bases API is Vulnerable to Path Traversal

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q

History

Thu, 14 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:langflow:langflow::::::::

Wed, 13 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 13 May 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Langflow Langflow langflow
Vendors & Products		Langflow Langflow langflow

Tue, 12 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. This vulnerability is fixed in 1.9.0.
Title		Langflow: Path Traversal in Langflow Knowledge Bases API
Weaknesses		CWE-22
References		https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H'}`

Subscriptions

Langflow Langflow

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-12T17:35:27.688Z

Updated: 2026-05-13T14:14:16.193Z

Reserved: 2026-04-23T16:05:01.709Z

Link: CVE-2026-42048

Vulnrichment

Updated: 2026-05-13T14:14:01.068Z

NVD

Status : Analyzed

Published: 2026-05-12T18:17:23.780

Modified: 2026-05-14T12:52:16.603

Link: CVE-2026-42048

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T09:45:09Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object