CVE-2026-4502
Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
IBM · Langflow DesktopWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →