Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.

INFO

Published Date :

2026-03-24T12:49:16.276Z

Last Modified :

2026-03-25T03:55:47.098Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33309 vulnerability.

Vendors Products
Langflow
  • Langflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33309.

URL Resource
https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact