Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-378 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References6
CVE
CVE
added 2026/06/23 4:21 p.m.22 views

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

9.6CVSS5.9AI score0.00411EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/19 9:18 p.m.12 views

GHSA-CCV6-R384-XP75 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/19 9:18 p.m.12 views

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder