GBHackers

Attackers Exploit Critical Langflow Flaw for Remote Code Execution


Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality.

The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint, where improper sanitization of the filename parameter allows attackers to write arbitrary files anywhere on the underlying filesystem using directory traversal sequences such as ../.

The vulnerability carries a CVSS v3 score of 8.8, reflecting its low attack complexity and high impact on confidentiality, integrity, and availability.

Critical Langflow Flaw

Security researchers warn that exploitation is particularly dangerous due to Langflow’s default configuration, which permits unauthenticated auto-login.

This behavior allows attackers to obtain a valid session token with a single unauthenticated request, effectively removing authentication barriers and enabling rapid exploitation at scale.

According to VulnCheck, real-world exploitation attempts have already been observed, with attackers leveraging the flaw to write files onto targeted systems, likely as a precursor to further payload deployment or persistence mechanisms.

The vulnerability can be chained into full remote code execution by writing malicious scripts or modifying existing application components, depending on filesystem permissions.

Because the flaw allows arbitrary file placement, attackers could overwrite critical files, implant backdoors, or drop web shells, significantly increasing the risk to exposed environments.

Observed activity so far includes the creation of test files, indicating early-stage reconnaissance or proof-of-exploitation campaigns. However, the potential for more sophisticated attacks remains high.

Internet exposure further amplifies the risk. Data from Censys indicates that approximately 7,000 Langflow instances are currently accessible online, with the highest concentration located in North America.


These publicly exposed systems represent a substantial attack surface, particularly given the lack of an available patch or official mitigation at the time of disclosure. Tenable noted that repeated attempts to contact the vendor between January and March 2026 did not yield a response before the public release.

This vulnerability is part of a broader pattern of security issues affecting Langflow in recent months. Multiple flaws, including CVE-2026-0770, CVE-2026-21445, and CVE-2026-33017, have also been exploited in 2026.

Additionally, CVE-2025-34291, disclosed late last year, was reportedly exploited by the Iranian-linked threat group MuddyWater, highlighting the platform’s growing appeal as a target for advanced threat actors, as reported by a security researcher on LinkedIn.

With no official fix currently available, organizations using Langflow are advised to take immediate defensive measures.

Recommended actions include restricting external access to Langflow instances, implementing network-level controls, monitoring file system activity for unauthorized changes, and deploying web application firewalls to block suspicious requests containing path traversal patterns.
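A sketch of the filename check that a request filter or upload handler can apply to the filename parameter, added here as an example; it is not Langflow's code or a vendor fix. The names `UPLOAD_ROOT`, `decode_fully`, `is_traversal` and `safe_upload_path` are hypothetical, and the sample filenames are constructed.

```python
import posixpath
from pathlib import Path
from urllib.parse import unquote

UPLOAD_ROOT = Path("/srv/uploads")  # assumed upload directory, not Langflow's real path


def decode_fully(name: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (%252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name


def is_traversal(filename: str) -> bool:
    """True if a client-supplied filename could point outside the upload directory."""
    name = decode_fully(filename).replace("\\", "/")
    # NUL bytes, absolute paths and Windows drive prefixes are never valid upload names.
    if "\x00" in name or name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True
    # A ".." path component climbs out of the directory; "notes..txt" does not.
    return ".." in name.split("/")


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Return the destination path for an upload, or raise ValueError."""
    if is_traversal(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    # Keep only the final component, then confirm containment after resolving.
    leaf = posixpath.basename(filename.replace("\\", "/"))
    candidate = (root / leaf).resolve()
    if root.resolve() not in candidate.parents:
        raise ValueError(f"rejected filename: {filename!r}")
    return candidate


# Constructed sample filenames, as they might appear in a logged upload request.
SAMPLES = ["report.pdf", "notes..txt", "../../tmp/test.txt",
           "..%2f..%2ftmp%2ftest.txt", "%252e%252e%252ftest.txt", "..\\test.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} traversal={is_traversal(sample)}")
```

The same `is_traversal` check can be run over filenames recorded in proxy or application logs to find requests that warrant a closer look at the filesystem.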

Continuous monitoring for indicators of compromise is critical, as exploitation activity is already underway and likely to escalate in the coming weeks.
