Vulnerability Details
A critical unpatched security vulnerability in the open source Langflow platform is being actively exploited in the wild. The flaw, tracked as CVE-2026-5027 with a CVSS score of 8.8, is a path traversal issue in the “/api/v2/files” endpoint. This endpoint fails to sanitize the filename parameter from multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem by using path traversal sequences like “../”.
Researchers at Tenable discovered the flaw and attempted to contact the project maintainers three times in January and February 2026 before publicly disclosing the details on March 27. The vulnerability is especially dangerous because Langflow enables unauthenticated auto-login by default, meaning no credentials are required to reach the vulnerable endpoint. A single unauthenticated request can obtain a valid session token and proceed with exploitation.
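The endpoint behaviour described above, a multipart filename joined to a storage directory without sanitization, is easiest to reason about with the naive handling placed beside a hardened version. The following Python is an added example written for this summary; it is not Langflow's code and does not reproduce the project's real upload logic. The upload root, the helper names and every sample filename are constructed for illustration. The unsafe function shows where an unsanitized name would land after normalization, escapes_root turns that into a detection check a defender can run over observed filename values, and sanitize_filename plus resolve_safe show the two-layer fix: reject anything that is not a single plain path component, then re-verify the resolved path still sits directly under the upload root.

```python
import os
import re
from pathlib import Path

# Hypothetical upload directory; the real Langflow layout is not given on the page.
UPLOAD_ROOT = Path("/var/app/uploads")

# Constructed multipart "filename" values, as a defender might see them in a
# request log or a WAF alert. None are taken from real traffic.
SAMPLE_FILENAMES = [
    "report.pdf",
    "2026-q1_notes.txt",
    "../../outside/config.txt",
    "..\\..\\outside\\config.txt",
    "sub/dir/report.pdf",
    "report.pdf\x00.png",
    "..",
]

# Allowlist for a single, plain file name: alphanumerics, dot, underscore, dash.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def resolve_unsafe(upload_root: Path, filename: str) -> Path:
    """Naive handling: the client-supplied name is joined to the root as-is.
    Normalising the result shows where the file would actually be written."""
    return Path(os.path.normpath(os.path.join(str(upload_root), filename)))


def escapes_root(upload_root: Path, filename: str) -> bool:
    """Detection check: would the naive join land outside upload_root?
    Backslashes are folded to '/' first so Windows-style traversal is caught."""
    root = os.path.normpath(str(upload_root))
    target = str(resolve_unsafe(upload_root, filename.replace("\\", "/")))
    return os.path.commonpath([root, target]) != root


def sanitize_filename(filename: str) -> str:
    """Hardened handling: reject, rather than repair, anything that is not
    a single path component made of allowlisted characters."""
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    normalised = filename.replace("\\", "/")
    if "/" in normalised or normalised in ("", ".", ".."):
        raise ValueError("filename must be a single path component")
    if not SAFE_NAME.fullmatch(normalised):
        raise ValueError("filename contains disallowed characters")
    return normalised


def resolve_safe(upload_root: Path, filename: str) -> Path:
    """Sanitize, then re-check the resolved path as a second line of defence
    so a future change to the sanitizer cannot silently reopen the hole."""
    name = sanitize_filename(filename)
    root = upload_root.resolve()
    target = (root / name).resolve()
    if target.parent != root:
        raise ValueError("resolved path escapes upload root")
    return target


def is_accepted(filename: str) -> bool:
    """True when the hardened path accepts the name, False when it rejects it."""
    try:
        resolve_safe(UPLOAD_ROOT, filename)
        return True
    except ValueError:
        return False


def triage(filenames):
    """Return the names whose naive join would escape the upload root,
    i.e. the requests worth alerting on."""
    return [f for f in filenames if escapes_root(UPLOAD_ROOT, f)]


if __name__ == "__main__":
    for f in SAMPLE_FILENAMES:
        print(f"{f!r:32} escapes={escapes_root(UPLOAD_ROOT, f)} accepted={is_accepted(f)}")
```

Note that the hardened version also rejects "sub/dir/report.pdf" even though it stays inside the root: a filename field from a multipart upload should never carry directory structure, and refusing it is cheaper than reasoning about which subdirectories are acceptable. If an application genuinely needs client-chosen subfolders, that choice belongs in a separate, validated field rather than in the filename.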
Impact and Scope
VulnCheck confirmed that the vulnerability enables remote code execution. So far, exploitation attempts have been observed writing test files to victim systems. This attack follows a pattern of increasing exploitation activity targeting other Langflow vulnerabilities this year, including CVE-2026-0770, CVE-2026-33017, CVE-2026-21445, and CVE-2025-34291. The latter was weaponized by the Iranian state-sponsored group MuddyWater.
Censys data reveals approximately 7,000 Langflow instances are publicly exposed on the internet, with the majority located in North America. The trend highlights attackers increasingly targeting the infrastructure and tooling used to build and deploy AI applications, making this a widespread concern for organizations using low-code AI platforms.
Source: The Hacker News
