Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the server. In addition, in the response, the absolute path of the uploaded file is reported to the attacker, which is an information leak that can assist in chaining other primitives. This vulnerability is fixed in 1.9.1.
Published: 2026-06-23
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an unauthenticated file upload endpoint that accepts files of unlimited size. An attacker can fill the server's disk with arbitrary data, exhausting storage and causing a denial of service. The response also leaks the full absolute path of the uploaded file, exposing filesystem layout details that could be used to facilitate further attacks. The weaknesses involved are Missing Authentication for Critical Function (CWE-306), Uncontrolled Resource Consumption (CWE-400), and Exposure of Sensitive Information (CWE-200).

Affected Systems

Langflow (langflow-ai:langflow) older than version 1.9.1. Any deployment of an affected version (such as 1.8) whose upload endpoint is reachable by unauthenticated users over the network is vulnerable.

Risk and Exploitability

The score of 9.3 marks this vulnerability as critical. Because no authentication is required and there are no size limits, the attack will succeed from any host able to reach the Langflow instance. The EPSS score is not available, but the clear attack surface suggests a high exploitation probability. The vulnerability has not appeared in the CISA KEV catalog yet, but its severity warrants urgent remediation. The likely attack vector is remote network access to the upload endpoint.

Generated by OpenCVE AI on June 23, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Langflow to version 1.9.1 or later to fix the upload controls and suppress path exposure.
  • If an upgrade is not possible, enforce authentication on the upload endpoint to restrict access to authorized users only.
  • Implement file size limits or storage quotas on the upload folder to mitigate space exhaustion.
  • Sanitize or remove absolute file paths from server responses to avoid leaking filesystem details.
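The three compensating controls in this list (authentication on the endpoint, a per-upload size cap plus a quota on the upload folder, and a response that carries no server-side path) can be combined in a single handler. The following is an added, framework-agnostic Python example written for this page; it is not Langflow's code and makes no claim about Langflow's actual upload API. The token set, the size limits, the `.partial-` temp-file prefix and the demo inputs are all constructed values.

```python
"""Hardened upload handler: authenticate, cap bytes while streaming, enforce a
directory quota, and never return the absolute path of the stored file."""
import hmac
import io
import os
import re
import secrets
import tempfile
from pathlib import Path
from typing import Optional

MAX_UPLOAD_BYTES = 1 * 1024 * 1024      # per-file cap (constructed value)
STORAGE_QUOTA_BYTES = 4 * 1024 * 1024   # total allowed in the upload directory (constructed)
CHUNK_SIZE = 64 * 1024                  # read the body in chunks so the cap is enforced early

_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


class UploadRejected(Exception):
    """Any refused upload; the message is generic enough to return to the client."""


def is_authorized(presented: Optional[str], valid_tokens: set) -> bool:
    """Constant-time token check: a missing or unknown token is refused (addresses CWE-306)."""
    if not presented:
        return False
    return any(hmac.compare_digest(presented, token) for token in valid_tokens)


def safe_filename(raw: str) -> str:
    """Keep only the base name and a conservative character set; client paths are never trusted."""
    base = os.path.basename(raw.replace("\\", "/"))
    cleaned = _UNSAFE_CHARS.sub("_", base).strip("._") or "upload"
    return cleaned[:64]


def directory_usage(upload_dir) -> int:
    """Bytes currently stored in the upload directory (used for the quota check)."""
    return sum(p.stat().st_size for p in Path(upload_dir).iterdir() if p.is_file())


def save_upload(stream, raw_filename, token, valid_tokens, upload_dir,
                max_bytes=MAX_UPLOAD_BYTES, quota_bytes=STORAGE_QUOTA_BYTES) -> dict:
    """Store one upload. Raises UploadRejected on auth failure, oversize body or exhausted quota.

    The returned dict contains an opaque id, the sanitized name and the size, and
    nothing about where the file lives on disk (addresses CWE-200)."""
    if not is_authorized(token, valid_tokens):
        raise UploadRejected("authentication required")
    upload_dir = Path(upload_dir)
    upload_dir.mkdir(parents=True, exist_ok=True)
    name = safe_filename(raw_filename)
    already_used = directory_usage(upload_dir)
    file_id = secrets.token_hex(8)
    final_path = upload_dir / f"{file_id}_{name}"
    written = 0
    # Write to a temp file in the same directory so a rejected upload leaves nothing behind.
    fd, tmp_name = tempfile.mkstemp(dir=upload_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as out:
            while True:
                chunk = stream.read(CHUNK_SIZE)
                if not chunk:
                    break
                written += len(chunk)
                if written > max_bytes:                       # addresses CWE-400 (per file)
                    raise UploadRejected("file exceeds the per-upload limit")
                if already_used + written > quota_bytes:      # addresses CWE-400 (directory)
                    raise UploadRejected("upload storage quota exhausted")
                out.write(chunk)
        os.replace(tmp_name, final_path)
    except BaseException:
        if os.path.exists(tmp_name):
            os.unlink(tmp_name)
        raise
    return {"file_id": file_id, "filename": name, "size": written}


def run_demo() -> dict:
    """Exercise the handler with constructed inputs and return the outcomes for inspection."""
    upload_dir = tempfile.mkdtemp(prefix="uploads-")
    tokens = {"demo-token"}      # constructed credential for this demo only
    results = {}

    ok = save_upload(io.BytesIO(b"hello"), "../../etc/passwd", "demo-token", tokens, upload_dir)
    results["ok_response"] = ok
    results["path_leaked"] = upload_dir in repr(ok)   # the response must not contain the directory

    def attempt(label, data, raw_name, token, **limits):
        try:
            save_upload(io.BytesIO(data), raw_name, token, tokens, upload_dir, **limits)
            results[label] = "accepted"
        except UploadRejected as exc:
            results[label] = f"rejected: {exc}"

    attempt("no_token", b"x", "a.txt", None)
    attempt("too_large", b"x" * 2000, "big.bin", "demo-token", max_bytes=1000)
    attempt("over_quota", b"y" * 100, "q.bin", "demo-token", max_bytes=1000, quota_bytes=50)
    results["bytes_on_disk"] = directory_usage(upload_dir)   # only the accepted 5 bytes remain
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The size check runs per chunk rather than on a client-supplied `Content-Length`, so a body that lies about its length or is chunked is still cut off at the cap, and the partial file is unlinked before the error propagates. The same pattern applies whether the handler sits behind a web framework or a reverse proxy limit; a proxy-side body limit is a useful second layer but does not replace the quota on the directory.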

Advisories
Source: GitHub GHSA
ID: GHSA-x223-p2gf-v735
Title: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
History

Tue, 23 Jun 2026 17:30:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type: Description
Values Added: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the server. In addition, in the response, the absolute path of the uploaded file is reported to the attacker, which is an information leak that can assist in chaining other primitives. This vulnerability is fixed in 1.9.1.

Type: Title
Values Added: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Type: Weaknesses
Values Added: CWE-200, CWE-306, CWE-400

Type: References
Values Added: (none shown)

Type: Metrics (cvssV3_1)
Values Added: {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:02:55.053Z

Reserved: 2026-06-16T21:59:57.018Z

Link: CVE-2026-55450

Vulnrichment

Updated: 2026-06-23T17:01:03.861Z

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T22:30:08Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-306

    Missing Authentication for Critical Function

  • CWE-400

    Uncontrolled Resource Consumption