CVE-2026-33497
Directory Traversal in Langflow Profile Picture Download Allows Secret Exposure
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langflow | langflow | to 1.7.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33497 is a path traversal vulnerability in the langflow package affecting versions up to 1.3.2. It exists in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, where the folder_name and file_name parameters are not properly sanitized.
This improper filtering allows an attacker to manipulate the file path and read sensitive files outside the intended directory, such as the secret_key file.
The secret_key is critical because it is used for JWT authentication, so exposing it enables attackers to forge authentication tokens and gain unauthorized access.
The vulnerability arises because the code concatenates folder_name and file_name without neutralizing special path elements like '..', leading to directory traversal. [1]
How can this vulnerability impact me?
This vulnerability can have serious security impacts because it allows attackers to read sensitive files such as the secret_key used for JWT authentication.
With access to the secret_key, attackers can forge authentication tokens, potentially gaining unauthorized access to the system.
This unauthorized access could lead to data breaches, manipulation of AI-powered agents and workflows, and compromise of the overall system integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access files outside the intended directory using crafted URLs that exploit path traversal. Specifically, you can test the vulnerable endpoint by sending a request that includes path traversal sequences in the folder_name or file_name parameters.
- Use a curl command to test the endpoint, for example: curl --path-as-is 'http://127.0.0.1:7860/api/v1/files/profile_pictures/../secret_key'
If the secret_key file or other sensitive files are returned, it indicates the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the langflow package to version 1.7.1 or later, where the issue has been patched.
The patch properly sanitizes the folder_name and file_name parameters to prevent path traversal attacks.
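The concatenation flaw and the kind of sanitization described above, as an added example that is not Langflow's actual code or patch. The function names, the `People` folder and the temporary directory layout are constructed for illustration.

```python
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """The requested file would resolve outside the picture directory."""

def unsafe_join(base: Path, folder_name: str, file_name: str) -> Path:
    # Flawed pattern from the description: parameters are concatenated as-is.
    return base / folder_name / file_name

def safe_join(base: Path, folder_name: str, file_name: str) -> Path:
    for part in (folder_name, file_name):
        # Each parameter must be one plain path component.
        if part in ("", ".", "..") or any(c in part for c in "/\\\x00"):
            raise UnsafePathError(f"rejected component: {part!r}")
    root = base.resolve()
    candidate = (root / folder_name / file_name).resolve()
    # Containment check after '..' and symlinks have been resolved.
    if not candidate.is_relative_to(root):
        raise UnsafePathError("resolved path escapes the base directory")
    return candidate

def is_blocked(base: Path, folder_name: str, file_name: str) -> bool:
    try:
        safe_join(base, folder_name, file_name)
        return False
    except UnsafePathError:
        return True

def demo() -> dict:
    # Constructed layout: <tmp>/secret_key beside <tmp>/profile_pictures/People/
    with tempfile.TemporaryDirectory() as tmp:
        config = Path(tmp)
        (config / "secret_key").write_text("constructed-secret")
        pics = config / "profile_pictures"
        (pics / "People").mkdir(parents=True)
        (pics / "People" / "avatar.svg").write_text("<svg/>")
        # A symlink inside the tree passes the component check but not containment.
        (pics / "People" / "link.svg").symlink_to(config / "secret_key")
        leaked = unsafe_join(pics, "..", "secret_key").read_text()
        return {
            "unsafe_reads_secret": leaked == "constructed-secret",
            "safe_serves_picture": safe_join(pics, "People", "avatar.svg").name == "avatar.svg",
            "safe_blocks_dotdot": is_blocked(pics, "..", "secret_key"),
            "safe_blocks_symlink": is_blocked(pics, "People", "link.svg"),
        }

if __name__ == "__main__":
    print(demo())
```

The component check alone would miss the symlink case; the resolved-path containment check is what covers it.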