CVE-2026-33309

Langflow · Langflow

Langflow contains an arbitrary file write vulnerability in the /api/v2/files/ endpoint, allowing authenticated attackers to achieve remote code execution.

Executive summary

An arbitrary file write vulnerability in Langflow allows authenticated attackers to perform remote code execution by bypassing existing filename validation.

Vulnerability

The vulnerability is a path-containment failure in the LocalStorageService component. The guards applied to the request's path parameters do not contain the write, so an authenticated user performing a multipart file upload to POST /api/v2/files/ can bypass the existing filename validation and write files outside the intended storage directory on the host. Because the attacker controls both the destination and the content of the written file, the primitive can be turned into code execution on the server.
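The defect class, shown as an added illustration rather than Langflow's own code: an upload handler that validates the path parameter but trusts the client-supplied filename, beside a hardened form that rejects separators and traversal components and then re-checks the resolved target against the storage root. `STORAGE_ROOT`, `unsafe_target`, `safe_target` and the scratch directory are assumptions for this demonstration, not identifiers from the Langflow code base.

```python
"""Path containment for an upload handler (added example, not Langflow's code).

Assumptions: STORAGE_ROOT is a scratch directory created for the demo; the
function names are hypothetical and do not mirror LocalStorageService.
"""
import tempfile
from pathlib import Path

STORAGE_ROOT = Path(tempfile.mkdtemp()) / "uploads"  # assumption: demo root
STORAGE_ROOT.mkdir()


def _check_flow_id(flow_id: str) -> None:
    """The path-parameter guard: this part is done in both versions."""
    if not flow_id or "/" in flow_id or "\\" in flow_id or flow_id in (".", ".."):
        raise ValueError("bad flow id")


def is_contained(root: Path, candidate: Path) -> bool:
    """True if candidate, after resolving symlinks and '..', is root or under it."""
    root = root.resolve()
    candidate = candidate.resolve()
    return candidate == root or root in candidate.parents


def unsafe_target(flow_id: str, filename: str) -> Path:
    """Vulnerable pattern: only the path parameter is validated; the multipart
    filename is joined verbatim, so '../..' walks out of the root and an
    absolute filename replaces the root entirely (pathlib semantics)."""
    _check_flow_id(flow_id)
    return STORAGE_ROOT / flow_id / filename


def safe_target(flow_id: str, filename: str) -> Path:
    """Hardened form: reject separators, NUL and dot names outright, then
    resolve the joined path and require it to stay under the storage root."""
    _check_flow_id(flow_id)
    if (not filename or "\x00" in filename or "/" in filename
            or "\\" in filename or filename in (".", "..")):
        raise ValueError("rejected filename")
    target = STORAGE_ROOT / flow_id / filename
    if not is_contained(STORAGE_ROOT, target):  # defence in depth
        raise ValueError("target escapes storage root")
    return target


def rejects(flow_id: str, filename: str) -> bool:
    """Helper for checking behaviour: does the hardened form refuse this name?"""
    try:
        safe_target(flow_id, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name in ("notes.txt", "../../etc/passwd", "/etc/passwd", "..\\..\\x.py"):
        t = unsafe_target("flow1", name)
        print(f"{name!r:24} unsafe -> {t}  contained={is_contained(STORAGE_ROOT, t)}"
              f"  hardened rejects={rejects('flow1', name)}")
```

Rejecting rather than silently stripping the offending components is the better choice in a security fix: a sanitiser that rewrites `../../x` to `x` hides probing in the logs and invites the next bypass.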

Business impact

With a CVSS score of 9.9, this vulnerability poses a critical risk to server integrity. Any attacker holding a valid Langflow account can write attacker-controlled files to arbitrary locations on the host, which leads to full server compromise, unauthorized access to the AI workflows and credentials the instance holds, and a foothold for lateral movement within the environment.

Remediation

Immediate Action: Upgrade Langflow to version 1.9.0 or higher, which corrects the path containment in the file storage service.

Proactive Monitoring: Review web server logs for POST requests to /api/v2/files/, in particular bursts of uploads from a single client and any request to the endpoint whose URI carries traversal sequences or unusual file extensions. Note that the uploaded filename travels in the multipart body and is not recorded in a standard access log, so also review the Langflow storage directory and application logs for files written outside the expected location or with unexpected extensions.
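A triage pass over access-log lines, as an added example (not tooling from the Langflow project). It assumes the common "combined" log layout (client IP, user, timestamp, request line, status, bytes, referer, user agent); the sample lines are constructed for the demonstration. Every POST to the endpoint is flagged as an upload, URIs under the endpoint are decoded and checked for traversal sequences or script-like extensions, and hits are counted per client IP so a noisy source stands out.

```python
"""Triage requests to the Langflow file endpoint in web-server access logs.
Added example; the log lines below are constructed, and the field layout
assumes the common "combined" format.  The multipart filename is not in the
access log, so a POST to the endpoint is flagged as a whole; the URI is
additionally screened for traversal sequences and script extensions."""
import re
from collections import Counter
from urllib.parse import unquote

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)
ENDPOINT = "/api/v2/files/"
TRAVERSAL = re.compile(r'(\.\./|\.\.\\|/\.\.$|\\\.\.$)')
SCRIPT_EXT = (".py", ".sh", ".pth", ".so", ".php", ".jsp")  # assumption: site policy

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "POST /api/v2/files/ HTTP/1.1" 201 180 "-" "python-requests/2.31"
10.0.0.5 - - [12/Mar/2026:10:01:03 +0000] "POST /api/v2/files/ HTTP/1.1" 201 180 "-" "python-requests/2.31"
10.0.0.7 - - [12/Mar/2026:10:02:10 +0000] "GET /api/v2/files/3f1c HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2026:10:03:44 +0000] "GET /api/v2/files/..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "curl/8.4"
10.0.0.7 - - [12/Mar/2026:10:04:00 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2026:10:05:12 +0000] "POST /api/v2/files/ HTTP/1.1" 201 180 "-" "curl/8.4"
10.0.0.7 - - [12/Mar/2026:10:06:30 +0000] "GET /api/v2/files/dl/hook.py HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def classify(line: str) -> list:
    """Return the reasons a line deserves review (empty list if none)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    # Decode percent-encoding before matching so ..%2F is seen as ../
    uri = unquote(m["uri"]).split("?", 1)[0]
    if not uri.startswith(ENDPOINT):
        return []
    reasons = []
    if m["method"] == "POST":
        reasons.append("upload")
    if TRAVERSAL.search(uri):
        reasons.append("traversal")
    if uri.lower().endswith(SCRIPT_EXT):
        reasons.append("script-ext")
    return reasons


def triage(log_text: str):
    """Collect (ip, reasons) for each flagged line and count hits per client."""
    findings = []
    per_ip = Counter()
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            ip = line.split(" ", 1)[0]
            findings.append((ip, reasons))
            per_ip[ip] += 1
    return findings, per_ip


if __name__ == "__main__":
    found, counts = triage(SAMPLE_LOG)
    for ip, reasons in found:
        print(f"{ip:15} {', '.join(reasons)}")
    print("hits per client:", dict(counts))
```

A flagged upload is not evidence of exploitation on its own; the script produces the review list, and the decision rests on what the corresponding file in the storage directory turned out to be.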

Compensating Controls: Until the upgrade is applied, restrict network ingress so that the Langflow web interface and API are reachable only from trusted IP addresses, and review which accounts hold credentials, since any authenticated user can reach the vulnerable endpoint.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The CVSS score of 9.9 reflects the severity of this RCE vulnerability: the only precondition is an authenticated account. Organizations running Langflow versions 1.2.0 through 1.8.1 must treat the upgrade to 1.9.0 as a high-priority change to prevent total system takeover.