2 matches found
Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
Summary IBM Langflow Desktop contains a critical vulnerability in its v2 API file handling mechanism where the POST /api/v2/files/ endpoint improperly processes multipart upload filenames without sanitization, allowing path traversal and arbitrary file write outside intended directories; this fla...
CVE-2026-32749 SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...