Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the Langflow AI development platform, to write arbitrary files to exposed servers.
Langflow is an open-source visual platform for building AI applications, AI agents, retrieval-augmented generation (RAG) systems, and MCP-based workflows using a drag-and-drop interface instead of traditional coding.
The project is widely used by AI development teams and has accrued over 149,000 stars and over 9,200 forks on GitHub.
CVE-2026-5027 is a high-severity path traversal flaw in Langflow's file upload functionality that does not properly sanitize user-supplied file names.
"The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter in multipart form data, allowing an attacker to write files anywhere on the file system using path traversal sequences ('../')," explains Tenable, which discovered the flaw earlier this year.
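The defect class described above, as an added example that is not Langflow's or Tenable's code: a filename check that refuses traversal names before any path is built under an upload directory, plus detection logic run over constructed upload-log lines for the `POST /api/v2/files` endpoint. `UPLOAD_DIR`, the log line format and the `SAMPLE_LOG` entries are assumptions made for the example.

```python
import os
import re
from urllib.parse import unquote

UPLOAD_DIR = "/var/lib/langflow/uploads"  # assumed location, not Langflow's real config
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a '..' segment between separators

def is_traversal_name(filename: str) -> bool:
    """True if the name would climb out of its directory once percent-decoded."""
    decoded = unquote(unquote(filename))  # two layers catch '..%2f' and '%252e%252e'
    return bool(TRAVERSAL.search(decoded)) or decoded.startswith(("/", "\\"))

def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Absolute destination for a user-supplied name, or ValueError if it would
    land outside upload_dir (the CVE-2026-5027 defect class)."""
    base = os.path.realpath(upload_dir)
    if (not filename or filename in (".", "..") or "\x00" in filename
            or re.search(r"[\\/]", filename) or is_traversal_name(filename)):
        raise ValueError(f"rejected filename: {filename!r}")
    dest = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, dest]) != base:  # defence in depth after the name check
        raise ValueError("resolved path escapes upload directory")
    return dest

def rejects(filename: str) -> bool:
    """Does safe_upload_path refuse this name? (used by the checks below)"""
    try:
        safe_upload_path(UPLOAD_DIR, filename)
    except ValueError:
        return True
    return False

# Constructed lines from a hypothetical upload log that records the submitted
# 'filename' field; these are not real Langflow log entries.
SAMPLE_LOG = """\
10.0.0.5 [30/Mar/2026:10:01:02 +0000] "POST /api/v2/files HTTP/1.1" 201 "report.pdf"
10.0.0.9 [30/Mar/2026:10:01:07 +0000] "POST /api/v2/files HTTP/1.1" 201 "../../tmp/probe.txt"
10.0.0.9 [30/Mar/2026:10:01:09 +0000] "POST /api/v2/files HTTP/1.1" 201 "..%2f..%2ftmp%2fprobe2.txt"
"""
LOG_LINE = re.compile(r'^(\S+) .*"POST /api/v2/files[^"]*" \d+ "([^"]*)"$')

def flag_upload_log(log: str) -> list[tuple[str, str]]:
    """Return (source_ip, filename) for uploads whose filename contains traversal."""
    hits = []
    for line in log.splitlines():
        m = LOG_LINE.match(line)
        if m and is_traversal_name(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits
```

Rejecting the name outright (rather than silently stripping directory parts) keeps the request visible as an error in application logs, which is what the detection half relies on.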
Tenable disclosed the issue on March 27, 2026, more than two months after first reporting it to the Langflow team without receiving a response.
Although Tenable did not mention a fix in its advisory, Snyk Security reported on March 30, 2026, that the issue was fixed in the langflow-base package version 0.8.3, and the Langflow application itself received a patch in version 1.9.0.
According to VulnCheck security researcher Caitlin Condon, VulnCheck's honeypot detected an attacker exploiting the vulnerability to drop test files on vulnerable instances.
"Langflow allows automatic unauthenticated login by default, so no credentials are required to reach the vulnerable endpoint, and one unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation," the researcher's post on LinkedIn reads.
Condon added that Censys' scans identified roughly 7,000 publicly accessible Langflow instances. However, Censys data includes historical scan results from the past year and may not accurately reflect the number of systems currently at risk.
The exploitation of CVE-2026-5027 comes on the heels of similar activity targeting other Langflow vulnerabilities earlier this year, including CVE-2026-0770, CVE-2026-21445, and CVE-2026-33017.
Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also warned of active exploitation of CVE-2025-3248, and Condon said VulnCheck continues to observe activity, including activity related to the Iranian threat group MuddyWater.
Langflow users are encouraged to upgrade to the latest release, version 1.10.0, published today.
