Path Traversal Flaw in Langflow Actively Exploited

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers.

Langflow sees widespread adoption among AI teams. The open-source visual platform allows building AI applications, AI agents, Retrieval-Augmented Generation systems, and MCP-based workflows using a drag-and-drop interface. It has accumulated more than 149,000 stars and 9,200 forks on GitHub.

Tenable discovered the flaw at the start of 2026. The vulnerability resides in Langflow's file upload functionality, which fails to properly sanitize user-supplied filenames. The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

Public disclosure followed months of silence from maintainers. Tenable reported the issue to the Langflow team at the start of the year without receiving a response. The firm publicly disclosed CVE-2026-5027 on March 27, 2026.

Patches arrived shortly after disclosure. Snyk Security reported on March 30, 2026, that the issue was fixed in the langflow-base package version 0.8.3. The Langflow application itself received a patch in version 1.9.0.

Honeypots confirm active exploitation in the wild. VulnCheck security researcher Caitlin Condon said their honeypots have detected attackers exploiting the vulnerability to drop test files on vulnerable instances. Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation.

Roughly 7,000 instances remain publicly exposed. Censys scans identified roughly 7,000 publicly exposed Langflow instances, though the data includes historical scan results from the previous 12 months and may not accurately reflect the number of systems currently exposed. Exploitation of CVE-2026-5027 comes shortly after similar activity targeting other Langflow vulnerabilities earlier this year, including CVE-2026-0770, CVE-2026-21445, and CVE-2026-33017.

Langflow users should upgrade immediately. The project published version 1.10.0 earlier today. Users are recommended to upgrade to the latest release.