{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6596", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T13:46:55.202Z", "datePublished": "2026-04-20T02:15:13.863Z", "dateUpdated": "2026-04-20T02:15:13.863Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T02:15:13.863Z"}, "title": "langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"], "modules": ["API Endpoint"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T15:52:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-d (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358231", "name": "VDB-358231 | langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358231/cti", "name": "VDB-358231 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/791919", "name": "Submit #791919 | Langflow <= 1.1.0 Unrestricted Upload of File with Dangerous Type", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6596", "lastModified": "2026-04-20T03:16:16.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T03:16:16.967", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/791919"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358231"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358231/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T03:20:43.928291+00:00", "value": {"mitigation_remediation": ["Upgrade langflow to the latest released version that includes the fixed upload checks.", "Restrict access to the /api/v1/endpoints/create_upload_file endpoint by requiring authenticated and authorized users only.", "Enforce strict file type validation and size limits, rejecting any dangerous or unexpected file types before storage or execution."], "summary": {"action": "Immediate Patch", "impact": "Unrestricted File Upload leading to Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the langflow-ai langflow application up to version 1.1.0 and potentially earlier releases that have not applied any subsequent patch. Operators should verify their installed version against this range and consider the application as vulnerable if it has not been updated beyond 1.1.0.", "description_and_impact": "A flaw in the langflow API Endpoint allows an attacker to upload any file through the create_upload_file function without restriction. The upload endpoint lacks proper authorization and file type validation, permitting the submission of malicious code that could be executed on the server. The vulnerability is directly exploitable over the network and carries the risk of arbitrary code execution, data exfiltration, or denial of service.", "risk_and_exploitability": "The reported CVSS score of 6.9 indicates a moderate severity, but the lack of authentication requirements and publicly available exploit code mean that the risk is higher than the score alone suggests. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog; however, the presence of a remote upload vector and the potential for arbitrary code execution imply that attackers could target this flaw without needing additional conditions. The attack is likely carried out via an HTTP POST request to the create_upload_file endpoint from any network location that can reach the server."}}}}, "created": "2026-04-20T03:30:41.937342+00:00", "updated": "2026-04-20T03:30:41.937354+00:00", "vendors": []}