PYSEC-2026-79

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2026-79.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2026-79

Aliases

Published

2026-03-24T13:16:02.983Z

Modified

2026-05-20T09:19:04.514929Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer ValidatedFileName dependency. This defense-in-depth failure leaves the POST /api/v2/files/ endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.

References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c

Affected packages

PyPI / langflow

Package

Name: langflow; View open source insights on deps.dev
Purl: pkg:pypi/langflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.9.0

Affected versions

1.*

1.2.0

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.0.post1

1.5.0.post2

1.5.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0rc0

1.8.0rc1

1.8.0rc2

1.8.0rc3

1.8.0rc4

1.8.0rc5

1.8.0rc6

1.8.0

1.8.1

1.8.2

1.8.3rc0

1.8.3

1.8.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2026-79.yaml"