CVE-2025-68478: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary p
Summary
Langflow, a tool for building AI-powered agents and workflows, has a vulnerability in versions before 1.7.0 where an attacker can specify any file path in a request to create or overwrite files anywhere on the server. The vulnerability exists because the server doesn't restrict or validate the file paths, allowing attackers to write files to sensitive locations like system directories.
Solution / Mitigation
Update Langflow to version 1.7.0, which fixes the issue.
Vulnerability Details
7.1 (high)
EPSS: 0.1%
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-68478
First tracked: February 15, 2026 at 08:48 PM