2 matches found
GHSA-79PH-745M-6WXQ Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw...
PT-2026-50141
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a path traversal flaw in the Knowledge Bases API endpoint 'POST /api/v1/knowledge bases'. The issue resides in the create knowledge base function, where the name variable is used t...