CVE-2026-48520
Status: Awaiting Analysis - Queue
Arbitrary File Read in Langflow Prior to 1.10.0

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (called "Public Flows" in the code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. Making a flow public allows anyone to execute it. The execution request can contain a list of files that Langflow reads and feeds into the LLM. Each file path can be any path supported by the configured storage: a local file, or an S3 path if the local configuration supports it. This vulnerability is fixed in 1.10.0.
Meta Information
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: langflow-ai
Product: langflow
Version / Range: versions before 1.10.0 (1.10.0 excluded)
CWE
CWE-73: The product allows user input to control or influence paths or file names that are used in filesystem operations.
Executive Summary

CVE-2026-48520 is a vulnerability in Langflow versions prior to 1.10.0 that allows unauthenticated users to read arbitrary local or S3 files through the Shareable Playground feature.

This feature enables public execution of workflows via a link, where users can specify file paths in the execution request.

The vulnerability arises because the system reads these files and feeds them into the language model without proper validation, potentially exposing sensitive data.

The attack requires user interaction to craft a malicious request but does not require any privileges.

Impact Analysis

This vulnerability can impact you by allowing unauthorized users to read arbitrary files from your system or connected S3 storage.

Since the files read are fed into the language model, sensitive or confidential information could be exposed.

The confidentiality impact is high, meaning sensitive data leakage is a significant risk.

Detection Guidance

This vulnerability involves the Shareable Playground feature in Langflow versions prior to 1.10.0, where an execution request can specify file paths to be read by the system. Detection would involve monitoring for unusual or unauthorized execution requests that include file path parameters.

Specifically, you can look for HTTP requests to the public flow endpoints that contain file path parameters. Commands to detect such activity might include inspecting web server logs or using network monitoring tools to filter requests containing suspicious file path patterns.

  • Use grep or similar tools on server logs to find requests with file path parameters, e.g., `grep -i 'file=' /var/log/nginx/access.log`
  • Use network packet capture tools like tcpdump or Wireshark to filter HTTP requests to the Langflow public flow endpoint and inspect for file path parameters.
  • Monitor application logs for execution requests that include file paths, especially those referencing local or S3 storage.
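The `grep -i 'file='` check above only catches one parameter name and misses URL-encoded values. The script below is an added example (not from the advisory and not Langflow project code) that generalizes it: it parses combined-format access log lines, keeps only requests to the public-flow routes, URL-decodes every query parameter regardless of its name, and flags values that look like an absolute local path, a traversal sequence, or an S3 URI. The route prefix `/PLACEHOLDER/public-flow/` and the log lines are constructed for the example; replace the prefix with the public-flow endpoint of your own deployment.

```python
"""Flag public-flow requests whose parameters look like storage paths.

Added example for the detection guidance above; the endpoint prefix and
the sample log lines are constructed placeholders, not Langflow values.
"""
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: placeholder route prefix; set this to the public-flow
# endpoint(s) of your deployment.
PUBLIC_FLOW_PREFIXES = ("/PLACEHOLDER/public-flow/",)

# Default combined log format of nginx/Apache: client, ident, user,
# timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

ABS_POSIX = re.compile(r"^/")                      # /etc/passwd
ABS_WIN = re.compile(r"^[A-Za-z]:[\\/]")           # C:\secrets
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ../ or ..\ segments
S3_URI = re.compile(r"^s3://", re.IGNORECASE)      # s3://bucket/key


def classify_value(value: str) -> Optional[str]:
    """Return why a parameter value looks like a storage path, or None.

    parse_qsl() already decoded the value once; decoding again catches
    double-encoded values such as %252Fetc%252Fpasswd.
    """
    v = unquote(value)
    if S3_URI.match(v):
        return "s3 uri"
    if TRAVERSAL.search(v):
        return "path traversal"
    if ABS_POSIX.match(v) or ABS_WIN.match(v):
        return "absolute local path"
    return None


def scan_access_log(lines: List[str], prefixes=PUBLIC_FLOW_PREFIXES) -> List[dict]:
    """Return one finding per path-like parameter on a public-flow request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.startswith(prefixes):
            continue  # only the public-flow routes are in scope
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = classify_value(value)
            if reason:
                findings.append({
                    "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                    "path": url.path, "param": name,
                    "value": unquote(value), "reason": reason,
                })
    return findings


# Constructed sample log lines (RFC 5737 test addresses, placeholder route).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Jun/2026:10:01:02 +0000] "POST /PLACEHOLDER/public-flow/abc123?files=%2Fetc%2Fpasswd HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Jun/2026:10:01:05 +0000] "POST /PLACEHOLDER/public-flow/abc123?files=s3%3A%2F%2Fcorp-bucket%2Fsecrets.env HTTP/1.1" 200 512',
    '198.51.100.4 - - [23/Jun/2026:10:02:11 +0000] "POST /PLACEHOLDER/public-flow/abc123?files=report.pdf HTTP/1.1" 200 512',
    '198.51.100.4 - - [23/Jun/2026:10:02:40 +0000] "GET /PLACEHOLDER/public-flow/abc123?files=..%2F..%2Fetc%2Fshadow HTTP/1.1" 404 0',
    '192.0.2.9 - - [23/Jun/2026:10:03:00 +0000] "GET /docs?file=%2Fetc%2Fpasswd HTTP/1.1" 200 100',
    '203.0.113.7 - - [23/Jun/2026:10:03:30 +0000] "POST /PLACEHOLDER/public-flow/abc123?input=%2Fsrv%2Flangflow%2F.env HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} {f['param']}={f['value']!r} [{f['reason']}]")
```

Run as `python3 detect_public_flow_paths.py < /dev/null` with `SAMPLE_LOG` replaced by `sys.stdin` to scan a real access log. Two caveats: the `/docs` line is ignored because only the public-flow routes are in scope, and a file list sent in a POST body never appears in an access log, so the third bullet above (application logs, or a reverse proxy configured to log request bodies) is the only place that case can be seen.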

Mitigation Strategies

The primary mitigation step is to upgrade Langflow to version 1.10.0 or later, where this arbitrary file-read vulnerability has been fixed.

Until the upgrade can be applied, consider disabling the Shareable Playground (Public Flows) feature to prevent public execution of flows that could be exploited.

Additionally, restrict network access to the Langflow service to trusted users only, and monitor for suspicious execution requests that include file path parameters.

Compliance Impact

This vulnerability allows unauthenticated users to read arbitrary local or S3 files, potentially exposing sensitive data. Such unauthorized data exposure can lead to violations of confidentiality requirements mandated by common standards and regulations like GDPR and HIPAA.

Since the vulnerability impacts confidentiality by allowing external control over file paths and arbitrary file reads, it may result in non-compliance with data protection and privacy regulations that require strict controls over access to sensitive information.
