CVE-2026-13445 in Langflow
Summary
by MITRE • 07/18/2026
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents, appends attacker-controlled data, and uploads a copy containing victim data to the attacker's namespace (confidentiality breach). In overwrite mode, the attacker can replace victim file contents with arbitrary data (integrity breach). This breaks the storage ownership boundary between users.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/18/2026
This vulnerability exists within IBM Langflow Open Source Software versions 1.0.0 through 1.10.1 and represents a critical authorization bypass flaw that undermines fundamental security boundaries between user accounts. The issue stems from improper input validation within the SaveToFile component which fails to properly sanitize file path specifications provided by authenticated users. When attackers leverage this weakness, they can manipulate absolute file paths to target resources owned by other users, effectively breaking the isolation mechanisms that should protect user data in multi-tenant environments.
The technical exploitation occurs through two distinct attack vectors that demonstrate different aspects of the same underlying vulnerability. In append mode, the attacker's workflow first reads the contents of a victim file, then appends malicious data to it, and finally uploads a modified copy to their own namespace while preserving the original victim content. This creates a confidentiality breach where sensitive information can be extracted without proper authorization. In overwrite mode, the attacker can completely replace victim file contents with arbitrary data, constituting an integrity breach that allows for data corruption or malicious modification of user resources.
The vulnerability directly maps to CWE-22 Path Traversal and CWE-73 Path Traversal in a File Name Context, which are well-established categories for attacks involving unauthorized access to files through manipulation of file path references. The security implications extend beyond simple file access violations as this flaw enables attackers to circumvent storage ownership boundaries that are fundamental to maintaining user privacy and data protection in shared computing environments. This type of vulnerability is particularly concerning because it allows authenticated users to escalate their privileges and access resources they should not be authorized to modify or read.
From an operational impact perspective, this vulnerability creates a significant risk for organizations using IBM Langflow in production environments where multiple users share the same system or platform. The attack can result in unauthorized data exfiltration, modification of critical workflow components, and potential compromise of sensitive information stored by other users. The breach of storage ownership boundaries means that attackers can systematically target specific user resources or perform reconnaissance across the entire user base, depending on their access level and the underlying file system structure.
The mitigation strategies should focus on implementing proper input validation and sanitization for all file path parameters within the SaveToFile component. Organizations must ensure that absolute paths are properly validated against allowed directories and that users cannot specify arbitrary file locations outside of their designated storage spaces. Additionally, privilege separation mechanisms should be enforced to prevent authenticated users from accessing files belonging to other accounts. Implementing proper access controls at the file system level and employing principle of least privilege for workflow components will help prevent such unauthorized access patterns. The solution aligns with ATT&CK technique T1078 Valid Accounts which emphasizes the importance of maintaining proper account isolation and access controls in preventing unauthorized resource access.