CVE-2026-33309
Langflow · Langflow
Langflow contains an arbitrary file write vulnerability in the /api/v2/files/ endpoint, allowing authenticated attackers to achieve remote code execution.
Executive summary
An arbitrary file write vulnerability in Langflow allows authenticated attackers to perform remote code execution by bypassing existing filename validation.
Vulnerability
The vulnerability exists due to a failure in boundary containment within the LocalStorageService component. Authenticated attackers can bypass path-parameter guards during multipart file uploads to the POST /api/v2/files/ endpoint to write files to the host system.
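As an added illustration, not Langflow's code and not the fix shipped in 1.9.0, the following Python contrasts the defect class described above (a storage service that trusts the uploaded file name when building its on-disk path) with a containment check that resolves the final path and verifies it stays under the storage root. STORAGE_ROOT and the sample names are constructed for the example.

```python
import os
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed storage root for the example; any writable directory works.
STORAGE_ROOT = "/tmp/upload-store"


class UnsafeFilenameError(ValueError):
    """The uploaded name would resolve outside the storage root."""


def naive_path(storage_root: str, filename: str) -> str:
    """Weak pattern: trust the client-supplied name as-is.

    os.path.join drops every earlier component when it meets an absolute
    path, and '..' segments are joined verbatim, so the result is not
    guaranteed to stay under storage_root. A prefix check on this string
    is not enough either: '/store/../x' still starts with '/store'.
    """
    return os.path.join(storage_root, filename)


def safe_path(storage_root: str, filename: str) -> Path:
    """Hardened pattern: accept only a bare file name, then re-check the
    fully resolved target against the resolved root before any write."""
    if not filename or "\0" in filename:
        raise UnsafeFilenameError("empty name or NUL byte")
    # Take the last segment under both POSIX and Windows rules; if that is
    # not the whole name, the client sent a directory or drive component.
    base = PureWindowsPath(PurePosixPath(filename).name).name
    if base != filename or base in (".", ".."):
        raise UnsafeFilenameError(f"path component in {filename!r}")
    root = Path(storage_root).resolve()
    candidate = (root / base).resolve()
    # Defence in depth: the resolved target must be a direct child of the
    # root, which also rejects a symlink planted inside an existing store.
    if candidate.parent != root:
        raise UnsafeFilenameError(f"{filename!r} escapes {root}")
    return candidate


def is_contained(storage_root: str, filename: str) -> bool:
    """True only when safe_path accepts the name."""
    try:
        safe_path(storage_root, filename)
    except UnsafeFilenameError:
        return False
    return True
```

The second check in safe_path is the one that matters: validating the string alone is what the advisory says was bypassed, so the resolved path is re-verified against the resolved root immediately before the write.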
Business impact
With a CVSS score of 9.9, this vulnerability poses a catastrophic risk to server integrity. An attacker who gains access to the application can write malicious scripts to the filesystem, resulting in full server compromise, unauthorized access to AI workflows, and potential lateral movement within the environment.
Remediation
Immediate Action: Upgrade Langflow to version 1.9.0 or higher to resolve the architectural flaw in the file storage service.
Proactive Monitoring: Review web server logs for suspicious file upload activity, particularly requests directed at the /api/v2/files/ endpoint involving unusual file extensions.
Compensating Controls: Implement strict network ingress filtering to limit access to the Langflow management interface to trusted IP addresses only.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The CVSS score of 9.9 highlights the extreme danger posed by this RCE vulnerability. Organizations currently utilizing Langflow versions 1.2.0 through 1.8.1 must treat this as a high-priority update to prevent total system takeover.