The AI development platform Langflow is under active attack as adversaries exploit a high-severity path traversal vulnerability identified as CVE-2026-5027. The flaw allows an attacker to write arbitrary files on exposed servers, a serious risk for any organization running the platform. Langflow, known for its drag-and-drop interface for building AI applications, is widely used, with over 149,000 stars and 9,200 forks on GitHub.
The vulnerability, discovered by Tenable, stems from a failure to sanitize user-supplied filenames in the file upload functionality. According to Tenable's findings, the 'POST /api/v2/files' endpoint does not properly sanitize the 'filename' parameter, so an attacker can use path traversal sequences (such as '../') in the filename to write files to arbitrary locations on the filesystem, limited only by the permissions of the Langflow process. Tenable publicly disclosed the issue on March 27, 2026, after receiving no response from the Langflow team despite multiple attempts to report the flaw.
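To make the bug class concrete, here is an added example (my own code, not Langflow's implementation and not taken from Tenable's advisory) of a minimal upload handler in the shape the article describes: one version joins the client-controlled filename onto the upload directory unchecked, the other rejects traversal and then verifies the resolved target before writing. The function names, the scratch directory layout and the sample filenames are assumptions for illustration.

```python
"""Added example: unsanitised vs. hardened filename handling in a file upload.

Not Langflow's code. save_upload_unsafe, validate_filename, save_upload_safe and
demo are names chosen for this illustration; the sample filenames are constructed.
"""
import tempfile
from pathlib import Path


def _inside(path: Path, root: Path) -> bool:
    """True if 'path' is 'root' or lies beneath it (both already resolved)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def save_upload_unsafe(upload_root: Path, filename: str, data: bytes) -> Path:
    """Deliberately vulnerable pattern: the client-supplied filename is joined
    onto the upload root as-is, so '../' segments walk out of the directory."""
    target = upload_root / filename            # pathlib keeps '..' components
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target.resolve()


def validate_filename(filename: str) -> str:
    """Reject rather than 'clean': separators, '..', NUL bytes and hidden names
    are refused outright so traversal attempts surface as errors in logs."""
    if not filename or "\x00" in filename:
        raise ValueError(f"rejected filename: {filename!r}")
    if "/" in filename or "\\" in filename:
        raise ValueError(f"path separator in filename: {filename!r}")
    if filename in (".", "..") or filename.startswith("."):
        raise ValueError(f"dot-name not allowed: {filename!r}")
    return filename


def save_upload_safe(upload_root: Path, filename: str, data: bytes) -> Path:
    """Hardened pattern: validate the name, then confirm the fully resolved
    target is still inside the upload root (catches symlink tricks too)."""
    root = upload_root.resolve()
    target = (root / validate_filename(filename)).resolve()
    if not _inside(target, root):
        raise ValueError(f"path escapes upload root: {target}")
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Run both variants in a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "uploads"
        uploads.mkdir()
        # Constructed attacker-style filename: climbs out of 'uploads' into a
        # sibling directory the server never intended to expose.
        traversal = "../outside/dropped.txt"

        unsafe_path = save_upload_unsafe(uploads, traversal, b"test")
        escaped = not _inside(unsafe_path, uploads.resolve())

        try:
            save_upload_safe(uploads, traversal, b"test")
            blocked = False
        except ValueError:
            blocked = True

        # A benign name still works through the hardened path.
        ok_path = save_upload_safe(uploads, "report.pdf", b"%PDF-1.4")
        benign_ok = ok_path.parent == uploads.resolve() and ok_path.name == "report.pdf"

    return {"unsafe_escaped": escaped, "safe_blocked": blocked, "benign_ok": benign_ok}


if __name__ == "__main__":
    print(demo())
```

The hardened version deliberately refuses any filename containing a separator instead of stripping it to a basename: silently "cleaning" hides the attack from your logs, whereas a rejected request is something a detection rule can alert on. The post-resolution containment check is the second layer; it costs nothing and also covers a symlink planted inside the upload directory.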
Exploitation Details and Mitigation
Although Tenable's advisory does not mention a fix, Snyk Security reported that the issue was addressed in the langflow-base package version 0.8.3, with the Langflow application itself patched in version 1.9.0. By then, however, the vulnerability was already being exploited in the wild: VulnCheck security researcher Caitlin Condon reported that VulnCheck's honeypots observed attackers dropping test files on vulnerable instances.
Condon emphasized that Langflow's default configuration enables unauthenticated auto-login, allowing attackers to reach the vulnerable endpoint without credentials. A single unauthenticated request is sufficient to obtain a valid session token, after which the upload endpoint can be called directly. Operators who cannot patch immediately should at minimum disable auto-login (controlled by the LANGFLOW_AUTO_LOGIN setting in current releases) and configure a superuser account, and keep the instance off the public internet. According to Censys scans, approximately 7,000 publicly exposed Langflow instances were identified, although that figure may include historical results and so may overstate current exposure.
The Broader Landscape of Langflow Vulnerabilities
The exploitation of CVE-2026-5027 is not an isolated incident. Earlier this year, attackers targeted other Langflow vulnerabilities, including CVE-2026-0770, CVE-2026-21445, and CVE-2026-33017. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) also warned about active exploitation of CVE-2026-3248, with VulnCheck continuing to observe related activity, including links to the Iranian threat group MuddyWater.
In response to these threats, Langflow users are strongly advised to upgrade to the latest release, version 1.10.0, published on June 10, 2026. This release includes the fix for CVE-2026-5027 along with other security improvements. Organizations running Langflow should prioritize applying it, and should confirm that any instance reachable from the internet requires authentication.
The active exploitation of CVE-2026-5027 underscores the growing trend of attackers targeting the infrastructure and tooling used to build and deploy AI applications. As AI development platforms become more prevalent, ensuring their security is paramount to protecting sensitive data and maintaining operational integrity.