CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

LangBot 代码问题漏洞

LangBot is a large model of LangBot open source instant messaging bot development platform. A code issue vulnerability exists in LangBot versions 4.1.0 through 4.3.5, which stems from the /api/v1/files/documents interface not strictly limiting the server file storage directory, which could lead t...