Langflow has an Arbitrary File Write (RCE) via v2 API
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer ValidatedFileName dependency. This defense-in-depth failure leaves the POST /api/v2/files/ endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langflowPyPI | >= 1.2.0, < 1.9.0 | 1.9.0 |
Affected products
2- Range: >= 1.2.0, < 1.9.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-g2j9-7rj2-gm6cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33309ghsaADVISORY
- github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6cghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2026-79.yamlghsaWEB
News mentions
1- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026