CVE-2026-7524
Description
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper validation of symbolic links in Langflow OSS archive extraction allows RCE via crafted tar files.
Vulnerability
CVE-2026-7524 is a path traversal vulnerability (CWE-22) in the _unpack_bundle function of Langflow OSS versions 1.0.0 through 1.9.1. The function improperly validates symbolic links during archive extraction, allowing an attacker to craft a malicious tar file containing symlinks pointing to arbitrary files on the system [1].
Exploitation
An attacker can upload a malicious tar file to a Langflow OSS deployment that uses file processing components (e.g., Docling, Read File, Unstructured API) in a RAG chatbot scenario. The tar archive contains symlinks targeting sensitive files such as the JWT secret key. When extracted, the symlinked files are processed and stored in the vector database. The attacker can then query the chatbot to retrieve the contents of those sensitive files [1].
Impact
Successful exploitation allows the attacker to read arbitrary files, including the JWT secret key. With this key, the attacker can forge JWT tokens to bypass authentication and then execute arbitrary code via the Python Interpreter node, achieving remote code execution. The CVSS v3 score is 9.8 (Critical) with high impact on confidentiality, integrity, and availability [1].
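The symlink problem described above, as an added defensive illustration that is not Langflow's own code or IBM's fix (the page states none is available yet): a pre-extraction check that rejects any tar member whose own path, symlink target or hard-link target would resolve outside the destination directory, run against a constructed sample bundle. The function names, the sample archive and the symlink target path are assumptions made for this example.

```python
import io
import os
import tarfile
import tempfile

def _is_within(base: str, target: str) -> bool:
    # realpath normalizes '..' and resolves any symlinks that already exist on disk.
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would escape dest; checked before anything is written,
    so a symlink from an earlier entry cannot redirect a later entry's write."""
    dest = os.path.realpath(dest)
    rejected = []
    for member in tar.getmembers():
        landing = os.path.join(dest, member.name)  # catches '../' and absolute names
        if not _is_within(dest, landing):
            rejected.append(member.name)
        elif member.issym() or member.islnk():
            # Symlinks resolve relative to the link's directory, hard links to the archive
            # root; an absolute target (e.g. a secret file's path) lands outside dest either way.
            origin = os.path.dirname(landing) if member.issym() else dest
            if not _is_within(dest, os.path.join(origin, member.linkname)):
                rejected.append(member.name)
    return rejected

def build_sample_archive() -> bytes:
    """Constructed sample: a benign file, a symlink to an absolute path, a '../' name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        body = b"hello"
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("docs/secret.txt")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/hostname"  # placeholder for a sensitive host file
        tar.addfile(link)
        tar.addfile(tarfile.TarInfo("../escape.txt"))
    return buf.getvalue()

def scan_sample() -> list:
    # Scan the constructed bundle against a fresh temp directory; extract only if empty.
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive())) as tar:
        return unsafe_members(tar, tempfile.mkdtemp())
```

On Python 3.12 and later, `tarfile.extractall(filter="data")` applies comparable checks to member names and link targets.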
Mitigation
As of the publication date, IBM has not released a patch for CVE-2026-7524. The security bulletin notes no workarounds or mitigations are available [1]. Administrators should monitor IBM's support page for updates.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=1.0.0 <=1.9.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.