Vulnerabilities | Apr 12, 2026
‼️ CVE-2026-5027: Critical Path Traversal / Arbitrary File Write vulnerability in Langflow’s `POS...
CVE-2026-5027: Critical path traversal and arbitrary file write flaw in Langflow API endpoint.
Summary
A critical vulnerability (CVSS 8.8) has been disclosed in Langflow affecting the `POST /api/v2/files` endpoint, allowing unauthenticated attackers to perform path traversal and write arbitrary files to the system. The flaw enables remote code execution and system compromise without authentication. Affected organizations using Langflow should immediately apply patches or implement access controls.
Indicators of Compromise
- cve — CVE-2026-5027
Entities
Langflow (product)