CVE-2026-8859
Received Received - Intake

Path Traversal in IBM Langflow OSS

Vulnerability report for CVE-2026-8859, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. An attacker controlling an external HTTP server can supply crafted filename values containing path traversal sequences (e.g., ../), enabling arbitrary file writes to locations accessible by the Langflow process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm langflow From 1.0.0 (inc) to 1.10.0 (inc)
ibm langflow_oss From 1.0.0 (inc) to 1.10.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-8859 is a path traversal vulnerability in IBM Langflow OSS versions 1.0.0 through 1.10.0. It occurs when the 'Save to File' feature is enabled in the APIRequest component. The vulnerability arises because filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. This allows an attacker controlling an external HTTP server to supply crafted filenames containing path traversal sequences like ../, enabling arbitrary file writes to locations accessible by the Langflow process.

Detection Guidance

To detect this vulnerability, check if your Langflow OSS instance is running version 1.0.0 through 1.10.0. Inspect network traffic for HTTP responses with Content-Disposition headers containing path traversal sequences like ../. Review file system logs for unexpected file writes in temporary or site-packages directories.

Impact Analysis

This vulnerability can allow an attacker to write arbitrary files to unintended locations on your system. In Docker environments, it could escalate to remote code execution by writing malicious .pth files to the site-packages directory, which would execute when the container restarts. This could lead to unauthorized access, data theft, or system compromise depending on the privileges of the Langflow process.

Compliance Impact

This vulnerability could lead to unauthorized file writes, potentially exposing sensitive data or allowing system compromise. This may violate compliance requirements under GDPR (data protection), HIPAA (healthcare data security), or other regulations that mandate strict access controls and data integrity. Organizations must address this to maintain compliance and avoid regulatory penalties.

Mitigation Strategies

Immediately upgrade Langflow OSS to version 1.10.1 or later. Disable the 'Save to File' feature if not required. Restrict network access to Langflow instances to trusted sources only. Monitor file system changes for unauthorized writes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8859. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart