Langflow CVE-2026-5027 Exploited: Unauthenticated RCE via Path Traversal
A high-severity, unpatched flaw in Langflow—the open-source low-code platform for building AI applications—is now under active exploitation in the wild, according to findings from VulnCheck. Tracked as CVE-2026-5027 with a CVSS score of 8.8, the vulnerability is a path traversal bug in the 'POST /api/v2/files' endpoint that fails to sanitize the 'filename' parameter in multipart form data. Attackers can leverage directory traversal sequences ('../') to write files to arbitrary locations on the filesystem, ultimately achieving remote code execution on vulnerable hosts.
Security researchers at Tenable discovered the flaw and attempted to contact the Langflow maintainers three times during January and February 2026 before publicly disclosing details on March 27. Caitlin Condon, vice president of security research at VulnCheck, noted in a LinkedIn post that exploitation is alarmingly simple: because Langflow enables auto-login by default, a single request with no credentials returns a valid session token, and the attacker then uses that token for the path traversal upload. Nothing stands between an anonymous client and the vulnerable endpoint. Organizations running exposed Langflow instances are strongly urged to review their deployments and monitor for indicators of compromise, including unexpected test files appearing on disk in locations the upload handler should never write to.
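The two paragraphs above describe the mechanism (a multipart upload whose `filename` field carries `../` sequences, joined unsanitized into a server-side path). The following Python is an added illustration written for this article, not Langflow's own code or the actual exploit payload: it parses a constructed multipart body, flags traversal in the filename field, shows where a naive `os.path.join` would write, and contrasts that with a hardened resolver that keeps the write inside the upload directory. The upload directory path and the sample request are assumptions; the real Langflow handler and its directory layout are not reproduced here.

```python
import os
import re

# Constructed sample request body (NOT a capture of the real attack): one benign
# part and one part whose filename carries a traversal sequence.
SAMPLE_BOUNDARY = "----constructedBoundary"
SAMPLE_BODY = (
    b"------constructedBoundary\r\n"
    b'Content-Disposition: form-data; name="file"; filename="report.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"------constructedBoundary\r\n"
    b'Content-Disposition: form-data; name="file"; filename="../../../../tmp/marker.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"probe\r\n"
    b"------constructedBoundary--\r\n"
)

FILENAME_RE = re.compile(r'filename="([^"]*)"')


def extract_filenames(body: bytes, boundary: str) -> list:
    """Return every filename= value found in a multipart/form-data body."""
    delim = ("--" + boundary).encode()
    names = []
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):  # closing delimiter: no more parts
            break
        head, _, _ = part.partition(b"\r\n\r\n")  # headers end at the blank line
        match = FILENAME_RE.search(head.decode("latin-1"))
        if match:
            names.append(match.group(1))
    return names


def is_traversal(filename: str) -> bool:
    """True if the client-supplied name contains a parent reference or is absolute."""
    normalized = filename.replace("\\", "/")  # treat Windows separators the same way
    if normalized.startswith("/"):
        return True
    return any(segment == ".." for segment in normalized.split("/"))


def unsafe_target(upload_dir: str, filename: str) -> str:
    """The pattern the advisory describes: the filename is joined verbatim."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_target(upload_dir: str, filename: str) -> str:
    """Hardened resolver: reject traversal, keep only the base name, verify containment."""
    if is_traversal(filename):
        raise ValueError("filename contains a traversal sequence")
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("invalid filename")
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, base))
    # Defence in depth: even after basename(), confirm the result stays under root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("resolved path escapes the upload directory")
    return target


def audit_request(body: bytes, boundary: str, upload_dir: str) -> list:
    """For each uploaded filename, report the traversal verdict and both write paths."""
    findings = []
    for name in extract_filenames(body, boundary):
        try:
            hardened = safe_target(upload_dir, name)
        except ValueError:
            hardened = None  # the hardened handler would refuse this upload
        findings.append({
            "filename": name,
            "traversal": is_traversal(name),
            "naive_write_path": unsafe_target(upload_dir, name),
            "hardened_write_path": hardened,
        })
    return findings


if __name__ == "__main__":
    # Assumed upload directory; adjust to the deployment being audited.
    for finding in audit_request(SAMPLE_BODY, SAMPLE_BOUNDARY, "/var/lib/langflow/uploads"):
        print(finding)
```

The same `extract_filenames` and `is_traversal` pair can be run over captured request bodies from a reverse proxy or WAF log to hunt for exploitation attempts; the `naive_write_path` value tells you where on disk to look for the "unexpected test files" the advisory mentions.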
The attack campaign fits a broader pattern of targeting the infrastructure and tooling that powers AI development. Earlier this year, threat actors exploited several other Langflow vulnerabilities, including CVE-2026-0770, CVE-2026-33017, CVE-2026-21445, and CVE-2025-34291, the last of which was weaponized by the Iranian state-sponsored group MuddyWater. With roughly 7,000 Langflow instances publicly accessible on the internet according to Censys data (a majority hosted in North America), the attack surface is substantial. Defenders should verify whether their instances are reachable from the internet (for example with our port scanner) and run a broader privacy checkup to identify misconfigured services. Because no vendor fix is available yet, operators of exposed Langflow deployments should also audit file system integrity, and review authentication configurations immediately, in particular the default auto-login that hands a session token to any unauthenticated client, while monitoring for any new patches or mitigations from the Langflow project.