Particle.news

Langflow Path Traversal Flaw Exploited to Write Files

A single unauthenticated request can obtain a session token and then write files to attacker-chosen locations, which may enable remote code execution; patches have been released to fix the bug.

Overview

  • Tenable discovered the high-severity path traversal bug and publicly disclosed it as CVE-2026-5027 on March 27, 2026.
  • The flaw stems from the 'POST /api/v2/files' endpoint failing to sanitize the filename parameter, so attackers can use '../' sequences to write files to arbitrary locations on the host.
  • Langflow’s default auto-login lets a single unauthenticated request obtain a valid session token, which lowers the barrier to exploiting the upload endpoint.
  • VulnCheck researchers say they have observed in-the-wild exploitation that drops test files on vulnerable servers, and Censys scans cited roughly 7,000 publicly exposed Langflow instances, though that figure may include historical results.
  • Fixes are available in langflow-base 0.8.3 and Langflow 1.9.0; users are advised to upgrade to 1.10.0 and to stop exposing instances publicly, because unpatched instances risk remote code execution and further targeting of AI development tooling.
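The bug class in the second bullet, as an added illustration that is not Langflow's code and does not reproduce the real endpoint's internals: a naive upload handler that joins the client-supplied filename onto the upload directory, beside a hardened handler that accepts only a single path component and then independently checks that the resolved destination stays under the upload root. The directory layout, the handler names and the attacker filename are constructed for the demo.

```python
# Added example (not Langflow's code): a traversal-prone upload handler beside
# a hardened one. Directory names, function names and the attacker filename
# are illustrative stand-ins chosen for this demo.
import tempfile
from pathlib import Path, PurePosixPath


def save_unsafe(upload_root: Path, filename: str, data: bytes) -> Path:
    """Joins a client-controlled filename straight onto the upload directory.

    pathlib keeps '..' verbatim, so the OS resolves it at write time and
    '../outside/x' lands outside upload_root. This is the vulnerable pattern.
    """
    dest = upload_root / filename
    dest.write_bytes(data)
    return dest.resolve()


def contained_in(root: Path, candidate: Path) -> bool:
    """True if candidate, after resolving '..' and symlinks, stays under root."""
    root_r = root.resolve()
    cand_r = candidate.resolve()
    return cand_r == root_r or root_r in cand_r.parents


def safe_basename(filename: str) -> str:
    """Accept only a single clean path component; reject everything else.

    Backslashes are normalised first so 'a\\..\\b' cannot slip through as one
    component on POSIX. Anything with a separator, an empty or dot-only name,
    or a NUL byte is refused rather than silently renamed.
    """
    normalised = filename.replace("\\", "/")
    name = PurePosixPath(normalised).name
    if name != normalised or name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected filename: {filename!r}")
    return name


def save_safe(upload_root: Path, filename: str, data: bytes) -> Path:
    """Hardened variant: strict name check, then an explicit containment check.

    The containment check is deliberately redundant with safe_basename; it
    still holds if the name check is loosened later or the root is a symlink.
    """
    dest = upload_root / safe_basename(filename)
    if not contained_in(upload_root, dest):
        raise ValueError("destination escapes upload root")
    dest.write_bytes(data)
    return dest.resolve()


def demo() -> dict:
    """Run both handlers against a traversal filename in a throwaway tree."""
    base = Path(tempfile.mkdtemp(prefix="traversal_demo_"))
    uploads, outside = base / "uploads", base / "outside"
    uploads.mkdir()
    outside.mkdir()

    # Constructed attacker input: one '../' is enough to leave 'uploads'.
    evil = "../outside/pwned.txt"

    written = save_unsafe(uploads, evil, b"written by the unsafe handler")
    try:
        save_safe(uploads, evil, b"never written")
        safe_rejected = False
    except ValueError:
        safe_rejected = True

    # A legitimate name still goes through the hardened path.
    ok = save_safe(uploads, "report.txt", b"fine")

    return {
        "unsafe_escaped": not contained_in(uploads, written),
        "outside_file_exists": (outside / "pwned.txt").exists(),
        "safe_rejected": safe_rejected,
        "safe_target_contained": contained_in(uploads, ok),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When reviewing an upload endpoint, the check to look for is the second one: a resolved-path containment test against the configured upload root, not a string search for '../', which misses encoded and backslash variants.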