Impact
Langflow is a tool for building and deploying AI‑powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal (CWE-22) in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user‑supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server’s filesystem. This vulnerability is fixed in 1.9.0.
Affected Systems
Langflow by Langflow‑AI, versions earlier than 1.9.0. All installations using the Knowledge Bases API (POST /api/v1/knowledge_bases) are affected until the application is upgraded to version 1.9.0 or later.
Risk and Exploitability
The CVSS base score of 6.5 indicates a medium severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no widely reported exploits. The flaw requires authenticated access; an attacker with valid credentials can supply a crafted knowledge base name, resulting in arbitrary file creation or overwrite on the server’s filesystem. While the CVE only documents file writes, such activity could potentially enable further attacks, but no specific exploitation is documented.
OpenCVE Enrichment
Github GHSA