Langflow: Hackers Exploit Langflow Vulnerability for Remote Code Execution

Critical Langflow Vulnerability Exploited in the Wild, Enabling Remote Code Execution

Threat actors are actively exploiting a high-severity vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow, a popular low-code AI development platform. The flaw, a path traversal issue, allows attackers to write files to arbitrary system locations by manipulating the filename parameter in the POST /api/v2/files endpoint.

According to VulnCheck, the vulnerability enables unauthenticated remote code execution (RCE) due to Langflow’s default auto-login feature, which grants session tokens without credentials. Attackers can exploit the flaw with a single unauthenticated request, as demonstrated by observed in-the-wild attempts that dropped test files on victim systems.

The attack surface is significant, with roughly 7,000 internet-exposed Langflow instances, primarily in North America. VulnCheck notes this activity reflects a broader trend of threat actors targeting AI development infrastructure.

The vulnerability was publicly disclosed on March 27 by Tenable after prior disclosure attempts failed. Langflow has not yet responded to requests for comment.
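The bug class described above, a client-controlled filename joined into a server-side path, shown beside the validation a defender would apply and a check that runs the same validator over access-log lines. This is an added example, not Langflow's code; the upload directory, the assumption that the filename appears as a query parameter in the logged request line, and the log lines are all constructed here.

```python
from pathlib import Path, PurePosixPath
from urllib.parse import parse_qs, urlsplit
import re

UPLOAD_ROOT = Path("/var/lib/app/uploads")  # hypothetical upload directory
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")

def vulnerable_upload_path(filename: str) -> Path:
    """The bug class in the article: a naive join lets '..' segments or an
    absolute path in the client-supplied filename escape UPLOAD_ROOT."""
    return UPLOAD_ROOT / filename

def safe_upload_path(filename: str) -> Path:
    """Accept only a plain basename, then confirm the resolved path is still
    inside UPLOAD_ROOT (a second check in case the allow-list is loosened)."""
    name = PurePosixPath(filename).name  # differs from input if any directory part is present
    if name != filename or name in ("", ".", "..") or not _SAFE_NAME.match(name):
        raise ValueError(f"rejected filename: {filename!r}")
    target = (UPLOAD_ROOT / name).resolve()
    if UPLOAD_ROOT.resolve() not in target.parents:
        raise ValueError(f"resolved path escapes upload root: {target}")
    return target

def suspicious_upload_requests(log_lines):
    """Detection: return log lines whose upload filename the validator rejects.
    Assumes (hypothetically) the filename is visible as a query parameter in
    the logged request line; adapt the regex to what your proxy records."""
    hits = []
    for line in log_lines:
        m = re.search(r'"POST (/api/v2/files\S*) HTTP/', line)
        if not m:
            continue
        for name in parse_qs(urlsplit(m.group(1)).query).get("filename", []):
            try:
                safe_upload_path(name)
            except ValueError:
                hits.append(line)
                break
    return hits

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - "POST /api/v2/files?filename=report.txt HTTP/1.1" 201',
    '10.0.0.9 - - "POST /api/v2/files?filename=..%2F..%2Ftmp%2Ftest.txt HTTP/1.1" 201',
    '10.0.0.7 - - "GET /api/v2/files/report.txt HTTP/1.1" 200',
]
```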

Source: https://www.securityweek.com/hackers-exploit-langflow-vulnerability-for-remote-code-execution/

Langflow cybersecurity rating report: https://www.rankiteo.com/company/langflow

{
  "id": "LAN1781180750",
  "linkid": "langflow",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "industry": "Technology/AI",
      "location": "North America (primarily)",
      "name": "Langflow",
      "type": "AI Development Platform"
    }
  ],
  "attack_vector": "Remote",
  "date_publicly_disclosed": "2024-03-27",
  "description": "Threat actors are actively exploiting a high-severity vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow, a popular low-code AI development platform. The flaw, a path traversal issue, allows attackers to write files to arbitrary system locations by manipulating the `filename` parameter in the `POST /api/v2/files` endpoint. This enables unauthenticated remote code execution (RCE) due to Langflow's default auto-login feature, which grants session tokens without credentials.",
  "impact": {
    "operational_impact": "Remote Code Execution (RCE) enabled on affected systems",
    "systems_affected": "7,000 internet-exposed Langflow instances"
  },
  "initial_access_broker": {
    "entry_point": "POST /api/v2/files endpoint (path traversal)"
  },
  "post_incident_analysis": {
    "root_causes": "Path traversal vulnerability (CVE-2026-5027) combined with default auto-login feature"
  },
  "references": [
    { "source": "VulnCheck" },
    { "source": "Tenable" }
  ],
  "title": "Critical Langflow Vulnerability Exploited in the Wild, Enabling Remote Code Execution",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": "CVE-2026-5027 (Path Traversal)"
}