Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2026-5027

๐Ÿ—“๏ธย 27 Mar 2026ย 14:54:53Reported byย tenableTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 16ย Views๐ŸŒ WEB

Langflow path traversal allows arbitrary file write via upload by unsafely handling the filename.

Related
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2026-5027
3 Apr 202609:48
โ€“githubexploit
ATTACKERKB		CVE-2026-5027
27 Mar 202614:54
โ€“attackerkb
Circl		CVE-2026-5027
27 Mar 202617:23
โ€“circl
CNNVD		Langflow ๅฎ‰ๅ…จๆผๆดž
27 Mar 202600:00
โ€“cnnvd
Cvelist		CVE-2026-5027 Langflow - Path Traversal Arbitrary File Write via upload_user_file
27 Mar 202614:54
โ€“cvelist
EUVD		EUVD-2026-16668
27 Mar 202615:30
โ€“euvd
NVD		CVE-2026-5027
27 Mar 202615:17
โ€“nvd
Packet Storm		๐Ÿ“„ Langflow 1.8.4 File Write / Traversal / Remote Code Execution
2 Apr 202600:00
โ€“packetstorm
Packet Storm		๐Ÿ“„ Langflow 1.8.4 Traversal / Remote Code Execution
23 Apr 202600:00
โ€“packetstorm
Positive Technologies		PT-2026-28741
27 Mar 202600:00
โ€“ptsecurity
Rows per page
[
  {
    "vendor": "langflow-ai",
    "product": "langflow",
    "repo": "https://github.com/langflow-ai/langflow",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
filenameupload dataapi/v2/filesPath traversal via multipart filename allows writing files to arbitrary locations on the filesystem.CWE-22

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Mar 2026 13:26Current
6Medium risk
Vulners AI Score6
CVSS 3.18.8
EPSS0.00035
SSVC
CWE-22
Langflowpath traversalarbitrary file writefilename parameterfiles endpointmultipart form data
16