| Título | Langflow <= 1.1.0 Unrestricted Upload of File with Dangerous Type |
|---|
| Descrição | # Technical Details
An unauthenticated arbitrary file upload vulnerability exists in Langflow due to a deprecated "zombie" API endpoint that remains active. The `/api/v1/upload/{flow_id}` endpoint fails to implement any authentication or ownership validation, allowing any remote user to arbitrarily upload files directly to the server's disk.
# Vulnerable Code
File: `src/backend/base/langflow/api/v1/endpoints.py`
Method: `create_upload_file` (Route: `/upload/{flow_id}`)
Why: The route is marked as `deprecated=True` but still functional. Unlike the new secure API routes (which properly use `Depends(get_current_active_user)` and `Depends(get_flow)`), this deprecated endpoint simply lacks FastAPI dependency injection for authentication checks, processing the uploaded `UploadFile` unauthenticated.
# Reproduction
1. An unauthenticated remote attacker starts an HTTP client.
2. The attacker generates a random UUID as a dummy `flow_id`.
3. The attacker issues a POST request to `http://<target-langflow-server>:7860/api/v1/upload/<dummy_flow_id>` uploading a dummy file.
4. The server accepts the upload, responds with HTTP 201 Created, and saves the file permanently on the host's filesystem without ever challenging for credentials.
# Impact
- Denial of Service (DoS) through disk exhaustion (uploading massive files).
- Inode exhaustion (uploading massive numbers of small files).
- The server can be abused as malicious file hosting infrastructure by remote attackers.
|
|---|
| Fonte | ⚠️ https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0 |
|---|
| Utilizador | Eric-d (UID 96861) |
|---|
| Submissão | 28/03/2026 14h34 (há 23 dias) |
|---|
| Moderação | 19/04/2026 15h47 (22 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 358231 [langflow-ai langflow até 1.1.0 API Endpoint endpoints.py create_upload_file Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|