ctipilot.ch


CVE-2026-5027 — Langflow: unauthenticated path traversal to arbitrary file write, exploited in the wild

Severity: high · Type: vulnerability · Discovered: 2026-06-11 05:00 UTC

Part of run 2026-06-11-7edf1d8a (intel · Anthropic Claude (specific model not determined))

CVE-2026-5027 (CVSS 8.8, CWE-22) is a path-traversal flaw in Langflow, the widely deployed open-source low-code platform for building LLM pipelines, RAG systems and agentic workflows. The POST /api/v2/files endpoint does not sanitise the filename parameter of the multipart form data, so ../ sequences in the filename let a caller write the uploaded content to an arbitrary location on the server's filesystem (BleepingComputer, 2026-06-10).

The flaw is effectively pre-authentication: Langflow ships with LANGFLOW_AUTO_LOGIN enabled by default, so a single unauthenticated request obtains a valid session token before the file-write primitive is reached. An arbitrary file write on the application host chains to code execution, for example by dropping a web shell under a served path or by writing a .pth file into site-packages (lines beginning with import in a .pth file are executed by the interpreter at startup).

Tenable discovered the flaw and disclosed it on 27 March 2026 after two months of unsuccessful vendor contact (Tenable TRA-2026-26, 2026-03-27). VulnCheck subsequently observed active exploitation in honeypots, with attackers staging test files on victim systems, and Censys data shows roughly 7,000 publicly exposed instances. A patch is now available (Langflow 1.9.0 / langflow-base 0.8.3; 1.10.0 was released on 10 June). ATT&CK technique: T1190 Exploit Public-Facing Application → T1505.003 Web Shell.
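The mechanism described above, as an added example that is not Langflow's code and not taken from the brief: an upload handler that joins the client-supplied multipart filename verbatim (the vulnerable pattern) beside a hardened version that strips directory components, decodes percent-encoding before checking, and confirms the resolved target is still inside the upload directory. UPLOAD_DIR, the function names and the attacker filenames are assumptions made for the demonstration; the handler generalises beyond ../ to absolute paths, backslashes and encoded separators.

```python
"""Path traversal in a multipart upload handler: the unsafe pattern beside a hardened one.

Added illustration, not Langflow's code. UPLOAD_DIR, the function names and the
sample filenames are assumptions chosen for the demonstration.
"""
import os
from pathlib import Path
from urllib.parse import unquote

UPLOAD_DIR = "/srv/langflow/uploads"   # assumed upload root for the demo


def unsafe_target(upload_dir: str, filename: str) -> str:
    """The vulnerable pattern: the client-supplied multipart filename is joined
    to the upload directory verbatim. '../' segments climb out of it, and an
    absolute filename makes os.path.join discard upload_dir entirely."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_target(upload_dir: str, filename: str) -> str:
    """Hardened pattern: normalise, keep only the final path component, reject
    empty/hidden names, then confirm the resolved path is still a child of the
    upload directory. Raises ValueError for anything it will not write."""
    name = unquote(filename)              # collapse %2e%2e%2f-style encodings first
    name = name.replace("\\", "/")        # treat backslashes as separators too
    name = name.rsplit("/", 1)[-1]        # discard every directory component
    if "\x00" in name or name in ("", ".", "..") or name.startswith("."):
        raise ValueError(f"rejected filename: {filename!r}")
    base = Path(upload_dir).resolve()
    target = (base / name).resolve()      # resolves symlinks as well as '..'
    if base not in target.parents:        # belt and braces: must stay inside base
        raise ValueError(f"rejected filename: {filename!r}")
    return str(target)


def escapes(upload_dir: str, path: str) -> bool:
    """True if `path` resolves outside `upload_dir` (what the unsafe join allows)."""
    try:
        Path(path).resolve().relative_to(Path(upload_dir).resolve())
        return False
    except ValueError:
        return True


def is_rejected(upload_dir: str, filename: str) -> bool:
    """True if the hardened handler refuses `filename`."""
    try:
        safe_target(upload_dir, filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed attacker filenames: a traversal to a cron drop, an encoded
    # variant, an absolute path, and a benign upload for comparison.
    for fn in ("../../etc/cron.d/x", "..%2f..%2fetc%2fcron.d%2fx", "/etc/passwd", "report.pdf"):
        unsafe = unsafe_target(UPLOAD_DIR, fn)
        print(f"{fn!r:40} unsafe -> {unsafe} (escapes={escapes(UPLOAD_DIR, unsafe)})")
        safe = "REJECTED" if is_rejected(UPLOAD_DIR, fn) else safe_target(UPLOAD_DIR, fn)
        print(f"{'':40} safe   -> {safe}")
```

Two design points: the safe path keeps only the last component rather than trying to "clean" the traversal out of the name, because stripping ../ substrings is easy to bypass (....// becomes ../ after one pass), and the containment check runs on the resolved path so a symlink inside the upload directory cannot redirect the write elsewhere.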

CVE Summary Table

CVE-2026-5027
  Product: Langflow (POST /api/v2/files)
  CVSS: 8.8 · EPSS: n/a · KEV: No · Exploited: Yes (VulnCheck)
  Patch: 1.9.0 / 1.10.0 · Source: BleepingComputer

CVE-2026-41089
  Product: Windows Netlogon (Server 2012–2025)
  CVSS: 9.8 · EPSS: n/a · KEV: No · Exploited: Yes (CCB Belgium)
  Patch: May 2026 Patch Tuesday · Source: CERT-EU 2026-007

CVE-2026-41089 is carried as a § 4 update — see below; it is listed here for the consolidated vulnerability view.


Action items

  • Patch Langflow (1.9.0 / 1.10.0) and disable auto-login (CVE-2026-5027). This pre-auth path-traversal-to-RCE is exploited in the wild, with roughly 7,000 instances exposed. If patching is delayed, set LANGFLOW_AUTO_LOGIN=false and take the instance off the internet. Hunt for POST /api/v2/files requests whose URL or multipart filename contains ../ or an encoded form such as %2e%2e%2f. Note that the filename travels in the multipart body, so an access log that records only the request line will not show it; that part of the hunt needs reverse-proxy or WAF body logging, or Langflow's own application logs. Also check the host for recently written files outside the upload directory, including new .pth files in site-packages.
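The log hunt from the action item above, as an added example that is not part of the brief: a scanner that picks out POST requests to /api/v2/files and flags traversal in the URL or in the uploaded filename, decoding percent-encoding repeatedly so single- and double-encoded variants (%2e%2e%2f, ..%252f) are caught as well as plain ../. The log lines are constructed; the trailing filename="..." field is an assumed proxy/WAF body-logging extension to the combined log format, since the multipart filename is not in a standard access log.

```python
"""Hunt web logs for CVE-2026-5027-style traversal against POST /api/v2/files.

Added example, not from the brief or from Langflow. Log lines below are
constructed; the trailing filename="..." field is an assumed proxy/WAF
body-logging extension to the combined log format.
"""
import re
from urllib.parse import unquote

REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
FILENAME = re.compile(r'filename="(?P<fn>[^"]*)"')   # assumed body-log field
TRAVERSAL = re.compile(r'(^|/)\.\.(/|$)')            # a '..' path component

# Constructed sample: one benign upload, three attack variants, two unrelated requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2026:14:02:11 +0000] "POST /api/v2/files HTTP/1.1" 201 93 "-" "python-requests/2.31" filename="report.pdf"',
    '198.51.100.23 - - [10/Jun/2026:14:05:40 +0000] "POST /api/v2/files HTTP/1.1" 201 93 "-" "python-requests/2.31" filename="../../../../usr/lib/python3.12/site-packages/zz.pth"',
    '198.51.100.23 - - [10/Jun/2026:14:05:41 +0000] "POST /api/v2/files/..%2f..%2fetc%2fx HTTP/1.1" 404 22 "-" "curl/8.5.0"',
    '192.0.2.77 - - [10/Jun/2026:14:09:02 +0000] "POST /api/v2/files HTTP/1.1" 201 93 "-" "Mozilla/5.0" filename="..%252f..%252fapp%252fevil.py"',
    '203.0.113.7 - - [10/Jun/2026:14:10:15 +0000] "POST /api/v1/flows/ HTTP/1.1" 200 1502 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jun/2026:14:11:00 +0000] "GET /api/v2/files/abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def decode(s: str) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded ..%252f collapses to
    ../, then fold backslashes to forward slashes for a single traversal check."""
    for _ in range(3):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s.replace("\\", "/")


def suspicious(line: str):
    """Return a finding dict for a POST /api/v2/files request carrying traversal
    in its path or multipart filename, else None."""
    m = REQUEST.match(line)
    if not m or m["method"] != "POST":
        return None
    path = decode(m["path"])
    if not path.startswith("/api/v2/files"):
        return None
    reasons = []
    if TRAVERSAL.search(path):
        reasons.append(f"traversal in path: {path}")
    fm = FILENAME.search(line)
    if fm:
        fn = decode(fm["fn"])
        if TRAVERSAL.search(fn) or fn.startswith("/"):
            reasons.append(f"traversal in filename: {fn}")
    if not reasons:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "reasons": reasons}


def hunt(lines):
    """Scan an iterable of log lines and return the findings in log order."""
    return [f for f in (suspicious(line) for line in lines) if f]


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']}")
        for r in f["reasons"]:
            print(f"    {r}")
```

Status codes are kept in the finding deliberately: a 201 on a traversal attempt means the write probably succeeded and the host needs a filesystem sweep, whereas a 404 or 422 on the same source suggests the instance was already patched or the attempt was malformed.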
Tags: vulnerabilities · actively-exploited · pre-auth · path-traversal · rce · patch-available · global · CVE-2026-5027