Langflow – Path Traversal Arbitrary File Write via upload_user_file

27/03/2026

The ‘POST /api/v2/files’ endpoint does not sanitize the ‘filename’ parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (‘../’).

Joshua Martinelle Fri, 03/27/2026 – 10:51
– Read more

Monday	08:00 - 17:00
Tuesday	08:00 - 17:00
Wednesday	08:00 - 17:00
Thursday	08:00 - 17:00
Friday	08:00 - 17:00

Langflow – Path Traversal Arbitrary File Write via upload_user_file

Latest article

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio

European Commission data stolen in a cyberattack on the infrastructure hosting its web sites

Metasploit Wrap-Up 03/27/2026

FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers

EDITOR PICKS

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio

European Commission data stolen in a cyberattack on the infrastructure hosting...

Metasploit Wrap-Up 03/27/2026

POPULAR POSTS

Threats to users of adult websites in 2018

The World’s Most Popular Coding Language Happens to be Most Hackers’...

IT threat evolution Q2 2019

POPULAR CATEGORY

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio

European Commission data stolen in a cyberattack on the infrastructure hosting...

Metasploit Wrap-Up 03/27/2026