A critical security vulnerability in Langflow, a widely used open-source platform for developing AI applications, is currently being exploited, according to cybersecurity experts from VulnCheck. The flaw, identified as CVE-2026-5027, poses a significant threat due to its high severity rating of 8.8 on the CVSS scale.
Details of the Langflow Vulnerability
The core of the vulnerability lies in a path traversal issue within the ‘POST /api/v2/files’ endpoint. This flaw allows attackers to exploit the unsanitized ‘filename’ parameter, enabling them to write files to arbitrary locations on the system. Tenable, the cybersecurity firm that discovered this issue, initially attempted to alert the Langflow project maintainers in early 2026.
Despite multiple attempts in January and February, the issue was publicly disclosed on March 27, 2026, highlighting the potential for remote code execution (RCE) attacks. Caitlin Condon, VulnCheck’s VP of Security Research, noted that Langflow’s default unauthenticated auto-login feature makes it especially vulnerable to exploitation without requiring user credentials.
Impact and Exploitation Attempts
Currently, attackers have been leveraging this vulnerability to deploy test files on compromised systems. VulnCheck’s analysis indicates that there are approximately 7,000 publicly accessible Langflow instances, with the majority based in North America. These systems are at risk of being targeted by this and other vulnerabilities discovered in Langflow.
This incident is part of a broader trend of exploiting similar vulnerabilities in Langflow, including CVE-2026-0770, CVE-2026-33017, CVE-2026-21445, and CVE-2025-34291. Notably, the latter has been associated with activities by the Iranian state-sponsored hacking group MuddyWater.
Recommendations and Patch Update
In response to inquiries about mitigation efforts, Tenable has confirmed that the Langflow team addressed the vulnerability with the release of version 1.9.0 on April 15, 2026. Users of Langflow are strongly urged to update their systems to this latest version to safeguard against potential exploitation.
This incident highlights an increasing focus by cyber attackers on the tools and infrastructure that support AI application development. Organizations are advised to remain vigilant and ensure that all software components are regularly updated to prevent similar security incidents.
