CVE-2026-55447

Langflow · Langflow

A path traversal vulnerability in Langflow components based on BaseFileComponent allows attackers to read arbitrary files from the server's filesystem via manipulated RAG input files.

Executive summary

Langflow versions prior to 1.9.2 are vulnerable to arbitrary file read: an attacker who can supply input to a RAG file component can make the server read and disclose sensitive files from its own filesystem.

Vulnerability

The vulnerability affects multiple RAG-related components built on BaseFileComponent, such as the Docling component and various file readers. These components resolve the file path supplied in an input file without confining it to the intended upload directory. An attacker who places an absolute path (or a path that otherwise traverses out of that directory) in the input can therefore cause the component to read the named file from the server's filesystem and expose its contents.
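The pattern described above, as an added illustration that is not Langflow's own code: a hypothetical `resolve_unsafe` mirrors the bug (the path taken from the input file is joined and resolved with no containment check), and a hardened `resolve_safe` rejects absolute paths and, after resolving symlinks and `..`, requires the result to remain under the upload directory. The function names, the directory layout and the sample secret are constructed for the demo; the check goes beyond the absolute-path case in the text to cover `..` traversal and planted symlinks as well.

```python
"""Illustrative path-confinement check (hypothetical, not Langflow code)."""
import os
import tempfile
from pathlib import Path


def resolve_unsafe(base_dir: str, requested: str) -> Path:
    """Vulnerable pattern: join and resolve without checking the result.

    Path(base_dir, requested) silently discards base_dir when `requested`
    is absolute, and '..' segments walk out of base_dir on resolve().
    """
    return Path(base_dir, requested).resolve()


def resolve_safe(base_dir: str, requested: str) -> Path:
    """Hardened pattern: reject absolute paths, resolve symlinks and '..',
    then require the final path to stay inside base_dir (Python 3.9+)."""
    if os.path.isabs(requested):
        raise ValueError(f"absolute path rejected: {requested!r}")
    base = Path(base_dir).resolve()
    candidate = (base / requested).resolve()
    if not candidate.is_relative_to(base):
        raise ValueError(f"path escapes {base}: {requested!r}")
    return candidate


def demo() -> dict:
    """Build a constructed upload tree plus a secret outside it, then show
    what each resolver does with a benign name and with escape attempts."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root, "uploads")
        uploads.mkdir()
        (uploads / "doc.txt").write_text("benign RAG document")
        secret = Path(root, "secret.env")                    # constructed sample
        secret.write_text("API_KEY=constructed-sample-value")
        os.symlink(secret, uploads / "innocent.txt")         # symlink planted in uploads

        out = {}
        # Vulnerable resolver: traversal and the symlink both hand back the secret,
        # and an absolute path lands outside the upload directory entirely.
        out["unsafe_traversal"] = resolve_unsafe(str(uploads), "../secret.env").read_text()
        out["unsafe_symlink"] = resolve_unsafe(str(uploads), "innocent.txt").read_text()
        out["unsafe_absolute_escapes"] = not resolve_unsafe(
            str(uploads), "/etc/passwd").is_relative_to(uploads.resolve())
        # Hardened resolver: the benign name works, every escape is refused.
        out["safe_benign"] = resolve_safe(str(uploads), "doc.txt").read_text()
        for key, attempt in (("safe_traversal", "../secret.env"),
                             ("safe_symlink", "innocent.txt"),
                             ("safe_absolute", "/etc/passwd")):
            try:
                resolve_safe(str(uploads), attempt)
                out[key] = "allowed"
            except ValueError:
                out[key] = "blocked"
        return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The containment check compares fully resolved paths, which is what makes the symlink case fail closed: a plain string-prefix test on the unresolved path would accept `innocent.txt` and read the secret anyway.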

Business impact

This vulnerability can disclose sensitive configuration files, files holding environment variable definitions, or system credentials stored on the application server. With a CVSS score of 9.6, the potential for full system compromise through harvested credentials or exposed configuration is severe.

Remediation

Immediate Action: Update Langflow to version 1.9.2 or later to apply the necessary filesystem access restrictions.

Proactive Monitoring: Where host-level file access auditing is available, monitor for reads by the Langflow process outside its intended upload directories, and audit uploaded RAG data for absolute paths or traversal sequences.

Compensating Controls: Run the Langflow application in a containerized environment with minimal filesystem privileges, and keep secrets out of files readable by the Langflow process, to limit what a traversal can reach.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The risk of arbitrary file reading requires immediate attention to protect sensitive system data. Administrators should deploy version 1.9.2 and conduct a thorough audit of any previously processed RAG data to ensure no compromise has already occurred.