Description
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content.

Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leading to stored cross-site scripting (XSS). This allows stealing authentication tokens stored in cookies, including JWT access and refresh tokens.
Published: 2026-03-27
Score: 7 High
EPSS: n/a
KEV: No
Impact: Stored Cross‑Site Scripting capable of stealing authentication tokens
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in an API endpoint that serves SVG files without sanitization. Malicious SVGs can embed JavaScript that executes when opened by other users, allowing an attacker to run code in the victim’s browser and exfiltrate cookies such as JWT tokens. This leads to unauthorized access and session hijacking.

Affected Systems

The flaw affects the Langflow AI platform (langflow). The CVE does not specify any particular version, so all deployments may be susceptible unless a future patch is applied.

Risk and Exploitability

A CVSS score of 7 indicates high severity. Although EPSS data is missing and the vulnerability is not listed in CISA’s KEV catalog, the stored nature and ability to inject JavaScript make exploitation likely against users who view uploaded content. The attack would require an attacker to upload a malicious SVG via the public endpoint, after which any user who views the file triggers the payload. The absence of an official fix means current risk remains high until a remediation is deployed.

Generated by OpenCVE AI on March 27, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version as soon as it is released
  • Validate MIME types and file extensions to block SVG uploads if not required
  • Sanitize or strip scripts from SVG files before storage
  • Implement a strict Content Security Policy that disallows inline scripts from SVG resources
  • Monitor upload activity and alert on suspicious file names or traffic to the file endpoint

Generated by OpenCVE AI on March 27, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leading to stored cross-site scripting (XSS). This allows stealing authentication tokens stored in cookies, including JWT access and refresh tokens.
Title Langflow - Stored XSS via Malicious SVG Upload
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-03-27T15:35:23.336Z

Reserved: 2026-03-27T14:43:36.423Z

Link: CVE-2026-5026

cve-icon Vulnrichment

Updated: 2026-03-27T15:35:15.446Z

cve-icon NVD

Status : Received

Published: 2026-03-27T15:17:04.597

Modified: 2026-03-27T15:17:04.597

Link: CVE-2026-5026

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:28:24Z

Weaknesses