High-Severity Unrestricted File Upload in Langflow AI
The National Vulnerability Database has disclosed CVE-2026-6596, a high-severity (CVSS 7.3) unrestricted file upload vulnerability impacting Langflow AI’s langflow product, specifically versions up to 1.1.0. The flaw resides in the create_upload_file function within src/backend/base/Langflow/api/v1/endpoints.py, allowing remote attackers to upload arbitrary files.
This is a critical issue. Unrestricted file uploads are a classic attack vector, often leading to remote code execution (RCE) if an attacker can upload a malicious script and then trigger its execution. The National Vulnerability Database notes that an exploit has been publicly released, escalating the immediate risk for unpatched instances. The vendor, Langflow AI, reportedly did not respond to initial disclosure attempts.
For defenders, this means a straightforward path for attackers to compromise systems running vulnerable Langflow instances. The lack of vendor response to early disclosure is concerning and puts the onus squarely on users to identify and mitigate this risk proactively. Attackers will undoubtedly leverage the public exploit to gain initial access, pivot, and establish persistence.
What This Means For You
- If your organization uses Langflow AI's `langflow` at version 1.1.0 or earlier, you are exposed to a remote code execution risk. Immediately identify all instances of Langflow in your environment. Prioritize patching to a version beyond 1.1.0, or implement network-level controls to restrict access to the upload API endpoint served from `src/backend/base/Langflow/api/v1/endpoints.py`. Audit logs for unusual file uploads or execution attempts.
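The triage steps above (find affected versions, then audit access logs for uploads to the vulnerable handler) as an added example; this is not code from the advisory or from the Langflow project. It assumes the `create_upload_file` handler is reached through a route under `/api/v1/files/upload/` (confirm against your deployment's OpenAPI docs) and that Langflow is served by uvicorn with its default access log line format; the log lines are constructed samples.

```python
import ipaddress
import re

AFFECTED_MAX = (1, 1, 0)  # advisory: langflow "up to 1.1.0" is affected


def parse_version(text: str) -> tuple:
    """Turn '1.1.0', 'v1.0.19' or '1.1' into a comparable 3-tuple."""
    parts = [int(x) for x in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True when the installed langflow version falls in the affected range."""
    return parse_version(version) <= AFFECTED_MAX


# Assumed route prefix for the upload handler (not stated in the advisory).
UPLOAD_ROUTE = re.compile(r"^/api/v1/files/upload(/|$)")
# uvicorn default access log: 'INFO:     <ip>:<port> - "<method> <path> HTTP/x" <status> ...'
ACCESS_RE = re.compile(
    r'^\w+:\s+(?P<ip>[\d.:a-fA-F]+):\d+ - "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def audit_upload_log(lines, trusted_nets):
    """Return (ip, path, status, reason) for POSTs to the upload route that came
    from outside the trusted networks (alert) or were accepted at all (review)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m or m["method"] != "POST" or not UPLOAD_ROUTE.match(m["path"]):
            continue
        ip, status = ipaddress.ip_address(m["ip"]), int(m["status"])
        if not any(ip in n for n in nets):
            findings.append((m["ip"], m["path"], status, "upload attempt from outside trusted networks"))
        elif 200 <= status < 300:
            findings.append((m["ip"], m["path"], status, "accepted upload; verify the stored file"))
    return findings


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    'INFO:     10.0.0.5:51234 - "POST /api/v1/files/upload/9f1c HTTP/1.1" 201 Created',
    'INFO:     10.0.0.5:51240 - "GET /api/v1/flows/ HTTP/1.1" 200 OK',
    'INFO:     203.0.113.7:40210 - "POST /api/v1/files/upload/9f1c HTTP/1.1" 201 Created',
    'INFO:     203.0.113.7:40211 - "POST /api/v1/files/upload/9f1c HTTP/1.1" 422 Unprocessable Entity',
    'INFO:     10.0.0.8:51300 - "POST /api/v1/files/upload/9f1c HTTP/1.1" 403 Forbidden',
]

if __name__ == "__main__":
    print("1.0.19 affected:", is_affected("1.0.19"), "| 1.1.1 affected:", is_affected("1.1.1"))
    for finding in audit_upload_log(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(*finding)
```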
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6596 | Unrestricted Upload | langflow-ai langflow up to 1.1.0 |
| CVE-2026-6596 | Unrestricted Upload | src/backend/base/Langflow/api/v1/endpoints.py::create_upload_file |
| CVE-2026-6596 | Unrestricted Upload | API Endpoint component |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 20, 2026 at 06:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.