Home
Home
Trends
Trends
Vulnerabilities
Vulnerabilities
News
News
Researchers
Researchers
Why dbugs?
Why dbugs?
Settings

Shawn Dong

#24548of 54,841
9.9Total CVSS
Vulnerabilities · 1
PT-2026-60868
9.9
2026-07-17
Ibm · Langflow Oss · CVE-2026-8859
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. An attacker controlling an external HTTP server can supply crafted filename values containing path traversal sequences (e.g., ../), enabling arbitrary file writes to locations accessible by the Langflow process.