CVE-2026-8859
IBM · Langflow OSS
A path traversal vulnerability in the IBM Langflow OSS APIRequest component allows an authenticated attacker to write arbitrary files to the server by manipulating file paths.
Executive summary
IBM Langflow OSS is susceptible to a path traversal vulnerability that allows an authenticated attacker to perform arbitrary file writes on the host system.
Vulnerability
The APIRequest component fails to sanitize filenames provided in HTTP Content-Disposition headers when the Save to File feature is enabled. This allows an attacker with low-level access to use path traversal sequences to write files outside of the intended directory.
Business impact
With a CVSS score of 9.9, this vulnerability poses a severe risk as it allows an attacker to overwrite critical system files or upload malicious scripts to the server. Successful exploitation could lead to full system takeover, persistent backdoor installation, or the corruption of essential application data, resulting in significant operational downtime.
Remediation
Immediate Action: Update IBM Langflow OSS to version 1.10.1 to resolve the path validation flaw.
Proactive Monitoring: Monitor filesystem integrity and audit logs for unusual file write operations, particularly in directories outside of designated temporary storage areas.
Compensating Controls: Implement strict egress filtering and ensure the Langflow process runs with the least privilege necessary to limit the impact of potential file system writes.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for arbitrary file writes, this vulnerability should be remediated as a top priority. Administrators must update to version 1.10.1 to ensure that input sanitization is correctly enforced within the APIRequest component.