CVE-2026-42867 in langflow
Summary
by MITRE • 06/23/2026
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server's filesystem. This vulnerability is fixed in 1.9.0.
Analysis
by VulDB Data Team • 06/23/2026
The vulnerability identified in Langflow versions prior to 1.9.0 represents a critical path traversal flaw within the Knowledge Bases API, specifically affecting the POST /api/v1/knowledge_bases endpoint. This security weakness stems from inadequate input validation and sanitization mechanisms that fail to properly constrain user-supplied data when constructing file system paths. The flaw allows authenticated attackers with access to the knowledge base functionality to manipulate file path construction through maliciously crafted knowledge base names, bypassing normal file system access controls and containment measures.
The vulnerability arises because the application incorporates the user-provided knowledge base name directly into file system operations without sanitization or validation. A name containing directory traversal sequences such as '../' therefore navigates beyond the intended directory boundary. With no path containment check, file system operations meant for a restricted directory are redirected to arbitrary locations on the server's file system, allowing an attacker to create new directories, write files, or overwrite critical system components.
The operational impact of this vulnerability extends well beyond simple data exposure, as it gives authenticated attackers the ability to perform arbitrary file system modifications on the affected server. This could enable attackers to establish persistent backdoors, modify application configuration files, inject malicious code into the application's execution path, or reach sensitive data stored outside the intended knowledge base storage area. In effect, the flaw grants attackers write access bounded only by the privileges of the Langflow process, which makes it particularly dangerous in production environments where Langflow may run with elevated privileges.
The security implications of this flaw align with common weakness enumerations such as CWE-22 Path Traversal and CWE-73 Path Traversal in the context of API endpoints. This vulnerability also maps to several ATT&CK techniques including T1059 Command and Scripting Interpreter for executing malicious code through file system modifications, T1486 Data Encrypted for Ransomware operations, and T1566 Phishing for initial access that could lead to exploitation of authenticated API endpoints. Organizations using Langflow should immediately implement the mitigation provided in version 1.9.0, which includes proper input sanitization of user-supplied knowledge base names, implementation of strict path containment rules, and enforcement of directory traversal prevention measures. Additionally, system administrators should conduct thorough security reviews of all API endpoints that handle file system operations and implement comprehensive monitoring for suspicious file system activities that could indicate exploitation attempts.
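The unsanitized path construction described above, and the containment rules the analysis calls for, side by side. This is an added illustration written for this page, not Langflow's code or its 1.9.0 fix; it assumes a base directory under which one subdirectory per knowledge base is created from the user-supplied name.

```python
"""Knowledge-base directory resolution: weak form beside a hardened form.

Added example; BASE_DIR, KB_NAME_RE and the function names are assumptions
for illustration, not Langflow identifiers.
"""
from pathlib import Path
import re

# Constructed storage root for the example (not a real Langflow path).
BASE_DIR = Path("/srv/kb")

# Allow-list: a name must start alphanumeric and may contain only
# letters, digits, '.', '_' and '-'. This rules out '/', '\\' and '..'.
KB_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_kb_path(base_dir: Path, kb_name: str) -> Path:
    """Vulnerable pattern: the name is joined into the path unchecked.

    A name such as '../../etc' escapes base_dir, and an absolute name
    replaces base_dir entirely because pathlib discards the left operand.
    """
    return base_dir / kb_name


def safe_kb_path(base_dir: Path, kb_name: str) -> Path:
    """Return a directory strictly inside base_dir or raise ValueError."""
    if not KB_NAME_RE.fullmatch(kb_name):
        raise ValueError("invalid knowledge base name")
    base = base_dir.resolve()
    candidate = (base / kb_name).resolve()
    # Defense in depth: even if the allow-list were loosened, refuse any
    # resolved path that is the base itself or lies outside it.
    if candidate == base:
        raise ValueError("name resolves to the base directory")
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError("name escapes the base directory") from None
    return candidate


def is_safe_kb_name(kb_name: str, base_dir: Path = BASE_DIR) -> bool:
    """Convenience check suitable for validating an API request body."""
    try:
        safe_kb_path(base_dir, kb_name)
        return True
    except ValueError:
        return False
```

The allow-list rejects traversal input before any path is built, and the `relative_to` check catches anything that still resolves outside the storage root.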