Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server's filesystem. This vulnerability is fixed in 1.9.0.
Published: 2026-06-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Langflow is a tool for building and deploying AI‑powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal (CWE-22) in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user‑supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server’s filesystem. This vulnerability is fixed in 1.9.0.

Affected Systems

Langflow by Langflow‑AI, versions earlier than 1.9.0. All installations using the Knowledge Bases API (POST /api/v1/knowledge_bases) are affected until the application is upgraded to version 1.9.0 or later.

Risk and Exploitability

The CVSS base score of 6.5 indicates a medium severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no widely reported exploits. The flaw requires authenticated access; an attacker with valid credentials can supply a crafted knowledge base name, resulting in arbitrary file creation or overwrite on the server’s filesystem. While the CVE only documents file writes, such activity could potentially enable further attacks, but no specific exploitation is documented.

Generated by OpenCVE AI on June 24, 2026 at 10:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Langflow 1.9.0 or later, where the path traversal issue is fixed.
  • If upgrading is delayed, enforce strict file permissions on the directory used for knowledge bases, limiting write access to only the necessary service account.
  • Validate and sanitize all incoming knowledge base names, rejecting any value that contains path traversal characters or strings.

Generated by OpenCVE AI on June 24, 2026 at 10:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-79ph-745m-6wxq Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Langflow
Langflow langflow
Vendors & Products Langflow
Langflow langflow

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server's filesystem. This vulnerability is fixed in 1.9.0.
Title Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Subscriptions

Langflow Langflow
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:02:43.824Z

Reserved: 2026-04-30T18:49:06.710Z

Link: CVE-2026-42867

cve-icon Vulnrichment

Updated: 2026-06-23T17:01:48.325Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')