| Title | Langflow <= 1.1.0 Unrestricted Upload of File with Dangerous Type |
|---|---|

**Description**

# Technical Details
An unauthenticated arbitrary file upload vulnerability exists in Langflow due to a deprecated "zombie" API endpoint that remains active. The `/api/v1/upload/{flow_id}` endpoint fails to implement any authentication or ownership validation, allowing any remote user to arbitrarily upload files directly to the server's disk.
# Vulnerable Code
File: `src/backend/base/langflow/api/v1/endpoints.py`
Method: `create_upload_file` (Route: `/upload/{flow_id}`)
Why: The route is marked `deprecated=True` but is still functional. Unlike the newer API routes, which declare `Depends(get_current_active_user)` and `Depends(get_flow)` so that the caller is authenticated and must own the flow, this deprecated endpoint declares no FastAPI dependency for authentication and processes the uploaded `UploadFile` without authenticating the caller.
# Reproduction
1. An unauthenticated remote attacker starts an HTTP client.
2. The attacker generates a random UUID as a dummy `flow_id`.
3. The attacker issues a POST request to `http://<target-langflow-server>:7860/api/v1/upload/<dummy_flow_id>` uploading a dummy file.
4. The server accepts the upload, responds with HTTP 201 Created, and saves the file permanently on the host's filesystem without ever challenging for credentials.
# Impact
- Denial of Service (DoS) through disk exhaustion (uploading massive files).
- Inode exhaustion (uploading massive numbers of small files).
- The server can be abused as malicious file hosting infrastructure by remote attackers.
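Detection logic for this finding, added here as an example that is not part of the original submission or of Langflow: it scans web-server access log lines for POST requests that reached the deprecated `/api/v1/upload/{flow_id}` route, which should see no legitimate traffic once clients use the current authenticated API. The combined log format and the sample lines are assumptions (constructed for this example).

```python
import re

# Constructed sample lines in combined log format (assumption: the reverse
# proxy in front of Langflow logs requests this way).
SAMPLE_LOG = """\
10.0.0.5 - - [28/Mar/2026:14:31:07 +0000] "POST /api/v1/upload/3f2504e0-4f89-11d3-9a0c-0305e82c3301 HTTP/1.1" 201 87 "-" "python-requests/2.31"
10.0.0.7 - - [28/Mar/2026:14:31:09 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.8 - - [28/Mar/2026:14:31:11 +0000] "POST /api/v1/upload/9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d HTTP/1.1" 413 0 "-" "curl/8.4"
10.0.0.9 - - [28/Mar/2026:14:32:00 +0000] "POST /api/v1/files/upload/3f2504e0-4f89-11d3-9a0c-0305e82c3301 HTTP/1.1" 201 90 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)
# Matches only the deprecated legacy route; the current /api/v1/files/... routes
# carry an extra path segment and do not match.
DEPRECATED_UPLOAD_RE = re.compile(r"^/api/v1/upload/(?P<flow_id>[^/?]+)/?$")


def find_deprecated_uploads(log_text):
    """Return one finding per POST that reached the deprecated upload route."""
    findings = []
    for line in log_text.splitlines():
        rec = LOG_RE.match(line)
        if rec is None or rec.group("method") != "POST":
            continue
        path = rec.group("path").split("?", 1)[0]  # ignore any query string
        m = DEPRECATED_UPLOAD_RE.match(path)
        if m is None:
            continue
        status = int(rec.group("status"))
        findings.append({
            "ip": rec.group("ip"),
            "timestamp": rec.group("ts"),
            "flow_id": m.group("flow_id"),
            "status": status,
            # 201 Created means the server actually stored the file; those
            # entries are the ones to triage first.
            "file_stored": status == 201,
        })
    return findings


def source_ips(findings):
    """Distinct client IPs that hit the route, for blocking or further review."""
    return sorted({f["ip"] for f in findings})
```

Run `find_deprecated_uploads()` over the proxy's access log for the period before the endpoint was disabled; entries with `file_stored` set mark uploads whose files should be located and removed from disk.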

| Field | Value |
|---|---|
| Source | ⚠️ https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0 |
| User | Eric-d (UID 96861) |
| Submitted | 28/03/2026 02:34 PM (23 days ago) |
| Moderation | 19/04/2026 03:47 PM (22 days later) |
| Status | Approved |
| VulDB entry | 358231 [langflow-ai langflow up to 1.1.0 API Endpoint endpoints.py create_upload_file authorization bypass] |
| Points | 20 |