Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hqmp-tfuk-1uh9
Vulnerability ID VCID-hqmp-tfuk-1uh9
Aliases CVE-2026-33309
GHSA-g2j9-7rj2-gm6c
PYSEC-2026-79
Summary Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-284 Improper Access Control
System Score Found at
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2026-33309
cvssv3.1 9.9 https://github.com/langflow-ai/langflow
generic_textual CRITICAL https://github.com/langflow-ai/langflow
cvssv3.1 10 https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
cvssv3.1 9.9 https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
generic_textual CRITICAL https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
ssvc Track* https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
cvssv3.1 9.9 https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2026-79.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2026-79.yaml
cvssv3.1 9.9 https://nvd.nist.gov/vuln/detail/CVE-2026-33309
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2026-33309
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-33309
https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2026-79.yaml
https://nvd.nist.gov/vuln/detail/CVE-2026-33309
GHSA-g2j9-7rj2-gm6c https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/langflow-ai/langflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-24T17:47:04Z/ Found at https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2026-79.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-33309
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20427
EPSS Score 0.00065
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:49:44.308961+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/33xxx/CVE-2026-33309.json 38.6.0