CVE-2026-7872

IBM · Langflow OSS

IBM Langflow OSS contains a path traversal vulnerability that could allow an unauthenticated attacker to access restricted files on the system.

Executive summary

A path traversal vulnerability in IBM Langflow OSS allows unauthenticated remote attackers to access unauthorized files, posing a high risk to system security.

Vulnerability

This is a path traversal vulnerability (CWE-22) that fails to properly sanitize user input, allowing attackers to access files outside of the intended directory. This vulnerability is accessible to unauthenticated attackers over the network.

Business impact

Successful exploitation allows an attacker to read sensitive configuration files or system data, which can lead to a total system compromise. With a CVSS score of 7.5, this vulnerability represents a significant risk to the integrity and confidentiality of the host environment.

Remediation

Immediate Action: Upgrade the Langflow OSS installation to version 1.10.1 immediately to patch the path traversal vulnerability.

Proactive Monitoring: Monitor file system access logs for abnormal requests that include directory traversal sequences such as double dots.

Compensating Controls: Deploy a WAF configured to block requests containing directory traversal patterns (e.g., "../") to prevent exploitation while the upgrade is being planned.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of path traversal vulnerabilities necessitates immediate action to prevent unauthorized file access. Administrators should upgrade to version 1.10.1 as soon as possible and audit their current deployments for any signs of suspicious file access attempts.