CVE-2026-33497
Received - Intake
Directory Traversal in Langflow Profile Picture Download Allows Secret Exposure

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
Meta Information
Published: 2026-03-24
Last Modified: 2026-03-24
Generated: 2026-06-16
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: langflow
Product: langflow
Version / Range: to 1.7.1 (exc)
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2026-33497 is a path traversal vulnerability in the langflow package affecting versions up to 1.3.2. It exists in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, where the folder_name and file_name parameters are not properly sanitized.

This improper filtering allows an attacker to manipulate the file path and read sensitive files outside the intended directory, such as the secret_key file.

The secret_key is critical because it is used for JWT authentication, so exposing it enables attackers to forge authentication tokens and gain unauthorized access.

The vulnerability arises because the code concatenates folder_name and file_name without neutralizing special path elements like '..', leading to directory traversal. [1]

Impact Analysis

This vulnerability can have serious security impacts because it allows attackers to read sensitive files such as the secret_key used for JWT authentication.

With access to the secret_key, attackers can forge authentication tokens, potentially gaining unauthorized access to the system.

This unauthorized access could lead to data breaches, manipulation of AI-powered agents and workflows, and compromise of the overall system integrity.

Detection Guidance

This vulnerability can be detected by attempting to access files outside the intended directory using crafted URLs that exploit path traversal. Specifically, you can test the vulnerable endpoint by sending a request that includes path traversal sequences in the folder_name or file_name parameters.

- Use a curl command to test the endpoint, for example: curl --path-as-is 'http://127.0.0.1:7860/api/v1/files/profile_pictures/../secret_key'

If the secret_key file or other sensitive files are returned, it indicates the system is vulnerable. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the langflow package to version 1.7.1 or later, where the issue has been patched.

The patch properly sanitizes the folder_name and file_name parameters to prevent path traversal attacks.
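
As an added illustration (not Langflow's code or its 1.7.1 patch), the sketch below contrasts the concatenation pattern described in the summary with a resolver that validates each component and then checks containment. The function names, the directory layout and the sample secret are constructed for this example.

```python
import tempfile
from pathlib import Path


def unsafe_resolve(base: Path, folder_name: str, file_name: str) -> Path:
    """Vulnerable pattern: plain concatenation, so '..' is honoured by the OS."""
    return base / folder_name / file_name


def safe_resolve(base: Path, folder_name: str, file_name: str) -> Path:
    """Hardened pattern: validate each component, then verify containment."""
    for part in (folder_name, file_name):
        # Each parameter must be a single plain path component.
        if part in ("", ".", "..") or "/" in part or "\\" in part or "\x00" in part:
            raise ValueError(f"invalid path component: {part!r}")
    root = base.resolve()
    candidate = (root / folder_name / file_name).resolve()
    # resolve() collapses '..' and follows symlinks; the result must stay under root.
    if not candidate.is_relative_to(root):
        raise ValueError("path escapes the profile picture directory")
    return candidate


def demo() -> dict:
    """Build a constructed config directory and compare both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        config = Path(tmp)
        (config / "secret_key").write_text("constructed-secret")  # sample value
        pictures = config / "profile_pictures"
        (pictures / "Space").mkdir(parents=True)
        (pictures / "Space" / "rocket.svg").write_text("<svg/>")

        # The concatenated path walks out of profile_pictures to the secret.
        leaked = unsafe_resolve(pictures, "..", "secret_key").read_text()
        try:
            safe_resolve(pictures, "..", "secret_key")
            blocked = False
        except ValueError:
            blocked = True
        # A legitimate picture request still resolves normally.
        ok = safe_resolve(pictures, "Space", "rocket.svg").read_text()
        return {"leaked": leaked, "blocked": blocked, "ok": ok}


if __name__ == "__main__":
    print(demo())
```

The containment check after resolve() is what also stops a symlink placed inside the picture directory from pointing outside it, which component validation alone would miss.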
