5 min read
News Brief A path traversal vulnerability in Langflow's file API allows unauthenticated attackers to overwrite arbitrary files and chain to RCE. Active exploitation confirmed in June 2026. Fix is in version 1.9.0.
path traversal
A path traversal vulnerability in Langflow's file API allows unauthenticated attackers to overwrite arbitrary files and chain to RCE. Active exploitation confirmed in June 2026. Fix is in version 1.9.0.