CVE-2026-5027
Published 2026-03-27
Priority P184 · Severity high · CVSS 3.1 base score 8.8
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 2.10% (79.4th percentile)
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
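The root cause is a client-controlled multipart filename joined straight onto the server's upload directory. The Python below is an added illustration and is not Langflow's code: `unsafe_save_path` reproduces the vulnerable pattern (the nine '../' segments from the IOC on this page land the file in /tmp), and `safe_save_path` is one hardened form that keeps only the final path component, rejects NUL and empty names, and then verifies that the resolved target is directly under the resolved upload root. The upload directory `/srv/langflow/uploads` and every function name here are assumptions made for the example.

```python
import os
from pathlib import Path

# Assumed upload directory for the example; not a Langflow setting.
UPLOAD_ROOT = "/srv/langflow/uploads"


def unsafe_save_path(upload_root: str, filename: str) -> str:
    """Vulnerable pattern (illustrative): the multipart filename is joined onto the
    upload directory unchanged, so each '../' walks one directory up and the
    nine '../' from the IOC land the file in /tmp."""
    return os.path.normpath(os.path.join(upload_root, filename))


def sanitize_filename(filename: str) -> str:
    """Reduce a client-supplied filename to one safe path component."""
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    # Keep only the last component, treating '\' as a separator as well as '/'.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name in ("", ".", ".."):
        raise ValueError(f"rejected filename {filename!r}")
    return name


def safe_save_path(upload_root: str, filename: str) -> str:
    """Hardened version: basename only, then verify that the fully resolved target
    sits directly under the resolved upload root. The second check is defence in
    depth, e.g. against an existing symlink in the upload directory that points
    elsewhere, which a write would otherwise follow."""
    root = Path(upload_root).resolve()
    target = (root / sanitize_filename(filename)).resolve()
    if target.parent != root:
        raise ValueError(f"{target} escapes {root}")
    return str(target)


def rejected(upload_root: str, filename: str) -> bool:
    """Yes/no wrapper for callers that do not want the exception."""
    try:
        safe_save_path(upload_root, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    probe = "../../../../../../../../../tmp/probe.txt"
    print("vulnerable:", unsafe_save_path(UPLOAD_ROOT, probe))
    print("hardened:  ", safe_save_path(UPLOAD_ROOT, probe))
```

The basename step alone would already defeat the '../' payload; the containment check is kept because filename handling is exactly the place where a later refactor (a subdirectory feature, a different separator) tends to reintroduce the bug.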
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langflow-ai | langflow | — | — |
Detection & IOCs (extracted from sources)
path: ../../../../../../../../../tmp/
command: filename=../../../../../../../../../tmp/<randstr>.txt in multipart POST /api/v2/files
sigma: none
shodan-query: title:"Langflow" | fofa-query: title="Langflow"
- Detect unauthenticated auto-login token harvest: a single GET to /api/v1/auto_login returning an access_token, immediately followed by a POST to /api/v2/files with a path-traversal filename, is the two-step exploit chain.
- Alert on multipart form-data file uploads to /api/v2/files where the filename parameter contains '../' (path traversal sequences).
- Monitor for HTTP 201 responses from /api/v2/files containing JSON fields 'id', 'name', and 'path'; this is the server-side confirmation of a successful (potentially malicious) file write.
- Honeypot telemetry shows attackers dropping test files on vulnerable instances; hunt for unexpected new files in /tmp or other world-writable directories on Langflow hosts.
- Langflow instances with the title 'Langflow' exposed on the internet (approx. 7,000 per Censys) are the target population; use the Shodan/FOFA queries title:"Langflow" to identify exposed assets.
- The vulnerability affects Langflow <= 1.8.4 (langflow-base <= 0.8.2). Patched versions are langflow-base 0.8.3 and Langflow application 1.9.0 (latest recommended: 1.10.0). Ensure version checks in detection/inventory reflect these boundaries.
- Censys exposure data includes historical scan results from the previous 12 months and may overstate the number of currently exposed instances; use real-time scans for accurate asset counts.
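The detection items above, as an added example that is not from any of the cited sources: a small Python detector that pulls filename= out of multipart bodies, flags traversal (including percent-encoded and backslash variants, which a literal '../' string match would miss), correlates each hit with a preceding successful GET /api/v1/auto_login from the same source, and records whether the server answered 201. The request records are constructed for the example; the multipart field name "file", the record shape and the 60-second correlation window are assumptions.

```python
import re
import urllib.parse
from datetime import datetime, timedelta

# Matches the Content-Disposition header of each multipart part and captures filename="...".
FILENAME_RE = re.compile(
    rb'Content-Disposition:\s*form-data;[^\r\n]*?\bfilename="([^"\r\n]*)"',
    re.IGNORECASE,
)


def multipart_filenames(body: bytes) -> list:
    """Return every filename= value found in a multipart/form-data body."""
    return [m.group(1).decode("utf-8", "replace") for m in FILENAME_RE.finditer(body)]


def is_traversal(filename: str) -> bool:
    """True if the filename would leave its directory once a server joins it to a path.
    Percent-decodes twice (catches %2e%2e%2f and double-encoded %252e) and treats
    backslashes as separators, so the check does not rely on a literal '../' match."""
    name = filename
    for _ in range(2):
        name = urllib.parse.unquote(name)
    name = name.replace("\\", "/")
    if name.startswith("/"):
        return True
    return ".." in name.split("/")


def build_body(filename: str, boundary: str = "----langflowdemo") -> bytes:
    """Constructed multipart body; the field name 'file' is an assumption."""
    return (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n"
        "\r\n"
        "probe\r\n"
        f"--{boundary}--\r\n"
    ).encode()


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed request records (not real telemetry): source IP, method, path, status, raw body.
RECORDS = [
    {"ts": ts("2026-06-09T10:00:00"), "src": "10.0.0.5", "method": "GET",
     "path": "/api/v1/auto_login", "status": 200, "body": b""},
    {"ts": ts("2026-06-09T10:00:02"), "src": "10.0.0.5", "method": "POST",
     "path": "/api/v2/files", "status": 201,
     "body": build_body("../../../../../../../../../tmp/abcd1234.txt")},
    {"ts": ts("2026-06-09T10:05:00"), "src": "192.0.2.9", "method": "POST",
     "path": "/api/v2/files", "status": 201, "body": build_body("quarterly.pdf")},
    {"ts": ts("2026-06-09T10:07:00"), "src": "198.51.100.7", "method": "POST",
     "path": "/api/v2/files", "status": 403,
     "body": build_body("%2e%2e%2f%2e%2e%2fetc%2fcron.d%2fjob")},
]


def detect(records, window: timedelta = timedelta(seconds=60)) -> list:
    """One alert per POST /api/v2/files whose multipart filename traverses.
    'auto_login_chain' is set when the same source fetched /api/v1/auto_login
    successfully within `window` beforehand; 'write_confirmed' when the server
    returned 201, the success response noted in the IOC list."""
    alerts = []
    last_auto_login = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["method"] == "GET" and r["path"] == "/api/v1/auto_login" and r["status"] == 200:
            last_auto_login[r["src"]] = r["ts"]
            continue
        if r["method"] != "POST" or r["path"] != "/api/v2/files":
            continue
        bad = [f for f in multipart_filenames(r["body"]) if is_traversal(f)]
        if not bad:
            continue
        prior = last_auto_login.get(r["src"])
        alerts.append({
            "src": r["src"],
            "ts": r["ts"].isoformat(),
            "filenames": bad,
            "write_confirmed": r["status"] == 201,
            "auto_login_chain": prior is not None and timedelta(0) <= r["ts"] - prior <= window,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(RECORDS):
        print(alert)
```

Run over the constructed records, the 10.0.0.5 pair comes out as a confirmed write with the auto_login chain set, the benign quarterly.pdf upload produces nothing, and the percent-encoded probe from 198.51.100.7 is flagged as traversal but neither chained nor confirmed, which is the split a responder wants when triaging.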
CVSS provenance
NVD (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 8.8 HIGH
GHSA
GHSA-wr3v-m658-mf42 · CVE-2026-5027 [HIGH] · CWE-22 · ghsa_unreviewed · 2026-03-27
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
VulnCheck
langflow langflow: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2026 · CVSS 8.8 · CVE-2026-5027 [HIGH]
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
Affected: langflow langflow
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2026-5027&date=2026-06-08
Exploit PoC: https://vulncheck.com/xdb/29b343b4afaf; https://vulncheck.com/xdb/812e19ecfa4f; https://vulncheck.com/xdb/98045a28f25c
No detection rules found.
Nuclei
Langflow <= 1.8.4 - Path Traversal to RCE via File Upload
nuclei · CVSS 8.8 · CVE-2026-5027 [HIGH]
The application contains a path traversal vulnerability caused by an unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations; exploitation requires a crafted request.
Template (truncated in the source):

```yaml
id: CVE-2026-5027

info:
  name: Langflow <= 1.8.4 - Path Traversal to RCE via File Upload
  author: pussycat0x
  severity: high
  description: |
    The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request.
  impact: |
    Attackers can write files to arbitrary locations, potentially leading to system comprom
```
Hackernews
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
blogs_hackernews · 2026-06-15 · CVSS 8.8
CVE-2026-11645 [HIGH]
## ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.
This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point.
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.
## ⚡ Threat of the Week
Google Patches Actively Exploited Chrome 0-Day - G
Hackernews
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
blogs_hackernews · 2026-06-10 · CVSS 8.8 · CVE-2026-5027 [HIGH]
## Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.
The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.
"The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the fi
Bleepingcomputer
Path traversal flaw in AI dev platform Langflow exploited in attacks
blogs_bleepingcomputer · 2026-06-10 · CVSS 9.8 · CVE-2026-5027 [CRITICAL]
## Path traversal flaw in AI dev platform Langflow exploited in attacks
By Bill Toulas
CVE-2026-5027 is a high-severity path traversal flaw in Langflow's file upload functionality that fails to properly sanitize user-supplied filenames.
"The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../')," explains Tenable, which discovered the flaw at the start of the year.
Tenable publicly disclosed the issue on March 27, 2026, more than two months after initially reporting it to the Langflow team without receiving a response.
Although Tenable did not mention a fix in its advisory, Snyk Security reported on March 30, 2026, that t