ByteOS Network

NVD Vulnerability Details :

CVE-2026-42867

Undergoing Analysis

Source-security-advisories@github.com

Published At-23 Jun, 2026 | 17:16

Updated At-23 Jun, 2026 | 18:17

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server's filesystem. This vulnerability is fixed in 1.9.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
			N/A

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	security-advisories@github.com

CWE ID: CWE-22

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/langflow-ai/langflow/pull/12337	security-advisories@github.com	N/A
https://github.com/langflow-ai/langflow/security/advisories/GHSA-79ph-745m-6wxq	security-advisories@github.com	N/A
https://github.com/langflow-ai/langflow/security/advisories/GHSA-79ph-745m-6wxq	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A