CVE-2026-7872
IBM · Langflow OSS
IBM Langflow OSS contains a path traversal vulnerability that could allow an unauthenticated attacker to access restricted files on the system.
Executive summary
A path traversal vulnerability in IBM Langflow OSS allows unauthenticated remote attackers to access unauthorized files, posing a high risk to system security.
Vulnerability
This is a path traversal vulnerability (CWE-22) that fails to properly sanitize user input, allowing attackers to access files outside of the intended directory. This vulnerability is accessible to unauthenticated attackers over the network.
Business impact
Successful exploitation allows an attacker to read sensitive configuration files or system data, which can lead to a total system compromise. With a CVSS score of 7.5, this vulnerability represents a significant risk to the integrity and confidentiality of the host environment.
Remediation
Immediate Action: Upgrade the Langflow OSS installation to version 1.10.1 immediately to patch the path traversal vulnerability.
Proactive Monitoring: Monitor file system access logs for abnormal requests that include directory traversal sequences such as double dots.
Compensating Controls: Deploy a WAF configured to block requests containing directory traversal patterns (e.g., "../") to prevent exploitation while the upgrade is being planned.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The severity of path traversal vulnerabilities necessitates immediate action to prevent unauthorized file access. Administrators should upgrade to version 1.10.1 as soon as possible and audit their current deployments for any signs of suspicious file access attempts.