CVE-2026-6596: A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_f
highvulnerability
security
Summary
A security vulnerability (CVE-2026-6596) was found in Langflow (an AI tool) version 1.1.0 and earlier, affecting a file upload function in the API. The flaw allows unrestricted file uploads (meaning attackers can upload any type of file without proper checks), and it can be exploited remotely without requiring authentication or user interaction.
Vulnerability Details
CVSS Score
7.3(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
April 19, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
integrityavailability
Taxonomy References
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6596
First tracked: April 20, 2026 at 08:18 AM
Classified by LLM (prompt v3) · confidence: 92%