| Title | Langflow <= 1.1.0 Unrestricted Upload of File with Dangerous Type |
|---|
| Description | # Technical Details
An unauthenticated arbitrary file upload vulnerability exists in Langflow due to a deprecated "zombie" API endpoint that remains active. The `/api/v1/upload/{flow_id}` endpoint fails to implement any authentication or ownership validation, allowing any remote user to arbitrarily upload files directly to the server's disk.
# Vulnerable Code
File: `src/backend/base/langflow/api/v1/endpoints.py`
Method: `create_upload_file` (Route: `/upload/{flow_id}`)
Why: The route is marked as `deprecated=True` but still functional. Unlike the new secure API routes (which properly use `Depends(get_current_active_user)` and `Depends(get_flow)`), this deprecated endpoint simply lacks FastAPI dependency injection for authentication checks, processing the uploaded `UploadFile` unauthenticated.
# Reproduction
1. An unauthenticated remote attacker starts an HTTP client.
2. The attacker generates a random UUID as a dummy `flow_id`.
3. The attacker issues a POST request to `http://<target-langflow-server>:7860/api/v1/upload/<dummy_flow_id>` uploading a dummy file.
4. The server accepts the upload, responds with HTTP 201 Created, and saves the file permanently on the host's filesystem without ever challenging for credentials.
# Impact
- Denial of Service (DoS) through disk exhaustion (uploading massive files).
- Inode exhaustion (uploading massive numbers of small files).
- The server can be abused as malicious file hosting infrastructure by remote attackers.
|
|---|
| Source | ⚠️ https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0 |
|---|
| User | Eric-d (UID 96861) |
|---|
| Submission | 03/28/2026 14:34 (24 days ago) |
|---|
| Moderation | 04/19/2026 15:47 (22 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 358231 [langflow-ai langflow up to 1.1.0 API Endpoint endpoints.py create_upload_file unrestricted upload] |
|---|
| Points | 20 |
|---|