| 标题 | Langflow <= 1.1.0 Unrestricted Upload of File with Dangerous Type |
|---|
| 描述 | # Technical Details
An unauthenticated arbitrary file upload vulnerability exists in Langflow due to a deprecated "zombie" API endpoint that remains active. The `/api/v1/upload/{flow_id}` endpoint fails to implement any authentication or ownership validation, allowing any remote user to arbitrarily upload files directly to the server's disk.
# Vulnerable Code
File: `src/backend/base/langflow/api/v1/endpoints.py`
Method: `create_upload_file` (Route: `/upload/{flow_id}`)
Why: The route is marked as `deprecated=True` but still functional. Unlike the new secure API routes (which properly use `Depends(get_current_active_user)` and `Depends(get_flow)`), this deprecated endpoint simply lacks FastAPI dependency injection for authentication checks, processing the uploaded `UploadFile` unauthenticated.
# Reproduction
1. An unauthenticated remote attacker starts an HTTP client.
2. The attacker generates a random UUID as a dummy `flow_id`.
3. The attacker issues a POST request to `http://<target-langflow-server>:7860/api/v1/upload/<dummy_flow_id>` uploading a dummy file.
4. The server accepts the upload, responds with HTTP 201 Created, and saves the file permanently on the host's filesystem without ever challenging for credentials.
# Impact
- Denial of Service (DoS) through disk exhaustion (uploading massive files).
- Inode exhaustion (uploading massive numbers of small files).
- The server can be abused as malicious file hosting infrastructure by remote attackers.
|
|---|
| 来源 | ⚠️ https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0 |
|---|
| 用户 | Eric-d (UID 96861) |
|---|
| 提交 | 2026-03-28 14時34分 (24 日前) |
|---|
| 管理 | 2026-04-19 15時47分 (22 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 358231 [langflow-ai langflow 直到 1.1.0 API Endpoint endpoints.py create_upload_file 权限提升] |
|---|
| 积分 | 20 |
|---|