GHSA-g2j9-7rj2-gm6c: Langflow has an Arbitrary File Write (RCE) via v2 API
Summary
Langflow's file upload endpoint (POST /api/v2/files/) is vulnerable to arbitrary file write (a type of attack that lets attackers save files anywhere on a server) because it doesn't properly validate filenames from multipart requests. Attackers who are logged in can use directory traversal characters (like "../") in filenames to write files outside the intended directory, potentially achieving RCE (remote code execution, where attackers can run commands on the server).
Solution / Mitigation
The source recommends two fixes: (1) Sanitize the multipart filename by extracting only the file name component and rejecting names containing "..": `new_filename = StdPath(file.filename or "").name` and add validation to reject invalid names. (2) Add a canonical path containment check inside `LocalStorageService.save_file` using `resolve().is_relative_to(base_dir)` to ensure files are always saved within the intended base directory.
Vulnerability Details
EPSS: 0.0%
Yes
March 19, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-g2j9-7rj2-gm6c
First tracked: March 19, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%