🚨 BREAKING

CVE-2026-42048: Langflow Path Traversal Exposes Servers to Arbitrary Deletion

/CRITICAL /CVSS 9.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitypath-traversalcwe-22
CVE-2026-42048: Langflow Path Traversal Exposes Servers to Arbitrary Deletion

A critical path traversal vulnerability, CVE-2026-42048, has been identified in Langflow, a tool for building AI agents and workflows. The National Vulnerability Database reports that versions prior to 1.9.0 are susceptible to this flaw within the Knowledge Bases API (DELETE /api/v1/knowledge_bases). The issue stems from inadequate sanitization of user-supplied knowledge base names, which are directly concatenated into file paths.

This oversight allows an authenticated attacker to manipulate file paths, enabling the deletion of arbitrary directories across the server’s filesystem. The National Vulnerability Database assigns this vulnerability a CVSS score of 9.6 (CRITICAL), highlighting its severe impact, which includes potential data loss and significant service disruption. The attacker’s calculus here is straightforward: gain authenticated access, then leverage this flaw for maximum destructive impact, potentially wiping critical system components or sensitive data.

Defenders must recognize that an attacker only needs legitimate user credentials to wreak havoc. This isn’t a pre-auth bug, but the post-auth impact is catastrophic. The fix is available in Langflow version 1.9.0. Organizations using Langflow should prioritize immediate patching to mitigate this severe risk and prevent unauthorized deletion of critical data.

What This Means For You

  • If your organization uses Langflow for AI agent development, you are exposed. Immediately verify your Langflow version. If it's prior to 1.9.0, patch to 1.9.0 without delay. Audit your Langflow server logs for any suspicious DELETE requests to the /api/v1/knowledge_bases endpoint, especially those with unusual path structures, to detect potential exploitation.

Related ATT&CK Techniques

T1053.003 Scheduled Task/Job: Cron Privilege Escalation T1561.002 Disk Wipe: Disk Content Wiping Impact T1083 File and Directory Discovery Discovery

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1561.002 Impact

CVE-2026-42048: Langflow Path Traversal - Arbitrary File Deletion Attempt

Sigma YAML — free preview 
title: CVE-2026-42048: Langflow Path Traversal - Arbitrary File Deletion Attempt
id: scw-2026-05-12-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-42048 by sending a DELETE request to the /api/v1/knowledge_bases endpoint with a 'name' parameter containing directory traversal sequences (e.g., '../'). This indicates an attempt to delete arbitrary files or directories on the server.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42048/
tags:
  - attack.impact
  - attack.t1561.002
logsource:
    category: webserver
detection:
  selection:
      cs-method:
          - 'DELETE'
      cs-uri:
          - '/api/v1/knowledge_bases'
      cs-uri-query|contains:
          - 'name=' 
  selection_base:
      cs-method:
          - 'DELETE'
      cs-uri:
          - '/api/v1/knowledge_bases'
  selection_indicators:
      cs-uri-query|contains:
          - 'name=../'
  condition: selection_base AND selection_indicators
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-42048 Path Traversal Langflow versions prior to 1.9.0
CVE-2026-42048 Path Traversal DELETE /api/v1/knowledge_bases endpoint
CVE-2026-42048 Path Traversal Vulnerable component: Knowledge Bases API

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 12, 2026 at 21:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

MongoDB Ops Manager RCE via Webhook Template Injection (CVE-2026-8431)

CVE-2026-8431 — An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. ...

vulnerabilityCVEhigh-severitycwe-77
/SCW Vulnerability Desk /HIGH /7.2 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-8430: SPIP RCE Limited to Nginx Configurations

CVE-2026-8430 — SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing...

vulnerabilityCVEhigh-severityremote-code-executioncwe-94
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 3 IOCs /⚙ 3 Sigma

SPIP RCE Vulnerability (CVE-2026-8429) Bypasses Security Protections

CVE-2026-8429 — SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in...

vulnerabilityCVEhigh-severityremote-code-executioncwe-94
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 2 IOCs /⚙ 3 Sigma