CVE-2026-8859 in Langflow
Summary
by MITRE • 07/17/2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. An attacker controlling an external HTTP server can supply crafted filename values containing path traversal sequences (e.g., ../), enabling arbitrary file writes to locations accessible by the Langflow process.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/18/2026
This vulnerability resides within IBM Langflow Open Source Software versions 1.0.0 through 1.10.0, specifically affecting the APIRequest component that handles file saving functionality. The core issue manifests as a path traversal flaw that arises from inadequate input validation mechanisms when processing filenames from HTTP response headers. When the "Save to File" feature is activated, the system extracts filename information from Content-Disposition headers without proper sanitization, creating an exploitable condition that allows malicious actors to manipulate file paths through crafted HTTP responses.
The technical exploitation occurs through manipulation of HTTP response Content-Disposition headers where attackers can inject path traversal sequences such as ../ into the filename values. This vulnerability maps directly to CWE-22 Path Traversal and aligns with ATT&CK technique T1059.007 Command and Scripting Interpreter: PowerShell, as it enables arbitrary file writing operations that could lead to further system compromise. The flaw specifically impacts how the Langflow process handles temporary file creation, where unsanitized user-supplied filenames are concatenated with the temporary directory path without proper validation or sanitization checks.
The operational impact of this vulnerability extends beyond simple unauthorized file creation, as it provides attackers with potential persistence mechanisms and privilege escalation opportunities. When an attacker controls an external HTTP server, they can craft malicious responses that force Langflow to write files to arbitrary locations accessible by the executing process, potentially including system directories, configuration files, or other sensitive locations. This weakness creates a significant risk for environments where Langflow operates with elevated privileges or where temporary file paths are not properly restricted.
Mitigation strategies should focus on implementing robust input validation and sanitization of all filename values extracted from HTTP headers before any file operations occur. The system should employ strict path validation that rejects filenames containing path traversal sequences, implement proper directory traversal checks, and ensure that all temporary file operations occur within controlled sandboxed environments. Additionally, organizations should consider implementing network segmentation to limit access to external HTTP servers that might be used for exploitation, while also monitoring for unusual file creation patterns in temporary directories. The vulnerability demonstrates the critical importance of validating all external inputs and implementing proper secure coding practices to prevent path traversal attacks that can lead to arbitrary code execution or data compromise.