CVE-2026-33309
Published 2026-03-24
Priority: P270 · Severity: critical · CVSS 3.1 base score: 9.9
Vector: AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
EPSS: 1.42% (69.4th percentile)
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.
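The description above makes a point that is easy to miss: the filename guard lived only on the HTTP path parameter, while the storage layer joined whatever name it was handed onto its base directory, so a second name channel (the multipart part's `filename`) reached the filesystem unchecked. The Python below is an added example, not Langflow's code and not a reproduction of its `LocalStorageService` or `ValidatedFileName`. `resolve_unchecked` models a storage layer with no containment, `resolve_contained` shows the check such a layer should own (bare-name validation plus a comparison of the resolved target against the resolved root), and `upload` is a toy handler with both name channels so the difference is visible. All function names, the temporary-directory layout and the traversal filename are constructed for this example; the "escape" is confined to a scratch directory.

```python
"""Added example: storage-layer path containment versus an HTTP-layer-only guard.

Hypothetical code, not Langflow's.  The upload root and the hostile filename
are constructed inside a temporary directory so the demo never writes outside it.
"""
from pathlib import Path
import tempfile


class PathEscapeError(ValueError):
    """Raised when a requested file name would place the file outside the upload root."""


def is_plain_filename(name: str) -> bool:
    """HTTP-layer style guard: a bare file name with no separators, traversal or NUL.
    Stand-in for a path-parameter validator (hypothetical, not Langflow's)."""
    return name not in ("", ".", "..") and not any(c in name for c in "/\\\x00")


def resolve_unchecked(root: Path, filename: str) -> Path:
    """Models a storage layer with no containment check: a plain join."""
    return root / filename


def resolve_contained(root: Path, filename: str) -> Path:
    """Storage-layer containment: validate the name, then require that the
    *resolved* target's parent is the resolved root.  Resolving follows symlinks,
    so a link planted inside the root is caught as well."""
    if not is_plain_filename(filename):
        raise PathEscapeError(f"rejected file name: {filename!r}")
    root_r = root.resolve()
    target = (root_r / filename).resolve()
    if target.parent != root_r:
        raise PathEscapeError(f"{filename!r} resolves outside {root_r}")
    return target


def upload(root: Path, path_param: str, multipart_name: str, data: bytes, *, contained: bool) -> Path:
    """Toy upload handler with two name channels: a validated path parameter and a
    multipart filename that is passed straight to the storage layer."""
    if not is_plain_filename(path_param):  # the only guard in the weak design
        raise PathEscapeError(f"rejected path parameter: {path_param!r}")
    resolver = resolve_contained if contained else resolve_unchecked
    target = resolver(root, multipart_name)  # the second, unguarded channel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Run both designs against a constructed traversal upload inside a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "uploads"
        root.mkdir()
        evil = "../outside/pwned.txt"  # constructed multipart filename

        # Weak design: path parameter passes, multipart name escapes the root.
        written = upload(root, "benign.txt", evil, b"x", contained=False)
        results["unchecked_escaped"] = written.resolve().parent == (base / "outside").resolve()

        # Contained design: the same request is refused by the storage layer.
        try:
            upload(root, "benign.txt", evil, b"x", contained=True)
            results["contained_blocked"] = False
        except PathEscapeError:
            results["contained_blocked"] = True

        # A benign name still works under the contained design.
        ok = upload(root, "benign.txt", "report.txt", b"ok", contained=True)
        results["contained_ok"] = ok.parent == root.resolve() and ok.read_bytes() == b"ok"

        # Edge case: a symlink planted inside the root.  Name-only checks pass
        # "link.txt"; the resolved-path comparison does not.
        try:
            (root / "link.txt").symlink_to(base / "outside" / "secret.txt")
            try:
                upload(root, "benign.txt", "link.txt", b"x", contained=True)
                results["symlink_blocked"] = False
            except PathEscapeError:
                results["symlink_blocked"] = True
        except OSError:
            results["symlink_blocked"] = None  # symlinks unsupported on this host
    return results


if __name__ == "__main__":
    print(demo())
```

The resolved-path comparison is what makes this a storage-layer guard rather than an HTTP-layer one: it holds no matter which caller or request field supplied the name, so adding a new upload route later does not silently reopen the hole.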
Affected (the source lists two identical ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langflow | langflow | >= 1.2.0 < 1.9.0 | 1.9.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| ghsa | | 7.1 | HIGH | |
| osv | | 7.1 | HIGH | |
OSV
Langflow has an Arbitrary File Write (RCE) via v2 API
osv · 2026-03-19 · CVSS 7.1 · HIGH
### Summary
While reviewing the recent patch for **CVE-2025-68478** (External Control of File Name in v1.7.1), I discovered that the root architectural issue within `LocalStorageService` remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency.
This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE).
### Details
The vulnerability exists in two layers:
1. **API Layer (`src/backend/base/langflow/
GHSA
Langflow has an Arbitrary File Write (RCE) via v2 API
ghsa · 2026-03-19 · CVSS 7.1 · HIGH · CWE-22
The GHSA advisory text is the same as the OSV entry above.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews · 2026-05-11 · CVE-2026-6973 · CVSS 9.3 · CRITICAL
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Wiz
CVE-2026-33309 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
Keywords: LocalStorageService, ValidatedFileName, POST /api/v2/files/
Source: NVD
Score: 9.9 (CNA score 9.9), severity CRITICAL, published March 24, 2026
Affected technologies: Homebrew, LangFlow
Affected packages and libraries: langflow
Has public exploit: Yes
CISA KEV: No (release date N/A, due date N/A)
EPSS (as reported by Wiz): probability 0.1, percentile 22.5
Sources: NVD; pip (severity CRITICAL, has fix, added Mar 20, 2026); Homebrew (severity CRITICAL, has fix, added Mar 26, 2026)