CVE-2026-33309
- Source
- https://cve.org/CVERecord?id=CVE-2026-33309
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33309.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-33309
- Aliases
- Downstream
- Published
- 2026-03-24T12:49:16.276Z
- Modified
- 2026-05-20T08:11:05.518860646Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Langflow has an Arbitrary File Write (RCE) via v2 API
- Details
-
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within
LocalStorageServiceremaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layerValidatedFileNamedependency. This defense-in-depth failure leaves thePOST /api/v2/files/endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-22", "CWE-284", "CWE-73", "CWE-94" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33309.json" }- References