CVE-2026-42048

Severity: CRITICAL · Lab available

Langflow: Path Traversal in Langflow Knowledge Bases API

Title source: CNA

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-42048, with PoCs published by EQSTLab and dwisiswant0.

AI-analyzed exploit summary (EQSTLab PoC): This repository contains a functional proof-of-concept exploit for CVE-2026-42048, a path traversal vulnerability in Langflow before 1.9.0. The exploit demonstrates arbitrary directory deletion via the bulk delete endpoint `/api/v1/knowledge_bases` by manipulating the `kb_names` parameter.

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to path traversal (CWE-22) in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). User-supplied knowledge base names are concatenated directly into filesystem paths without sanitization and without a check that the resulting path stays inside the knowledge-base directory, so a name carrying traversal sequences such as `../` resolves to a directory outside it. An authenticated attacker can exploit this to delete arbitrary directories anywhere on the server's filesystem that the Langflow process has permission to remove, leading to data loss and potential service disruption (the CVSS vector records no confidentiality impact, only integrity and availability). This vulnerability is fixed in 1.9.0.
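To make the bug class concrete, the following is an added example (not Langflow's code; the function names, the `kb_root` layout and the sandbox directories are assumptions) that models a bulk-delete handler twice: once joining the user-supplied name straight onto the root, as the description says Langflow did, and once with a containment check. The demo builds a throwaway tree under a temp dir and issues one request mixing a legitimate name, the relative payload `../victim`, and an absolute path; the absolute case is included because both `pathlib` and `os.path.join` discard the root when the right-hand side is absolute, which is an assumption about how the join is done, not something the advisory states.

```python
"""Model of the CWE-22 bug class behind CVE-2026-42048 in a knowledge-base
directory API.  Added example code, not Langflow's source: the function
names, the kb_root layout and the sandbox directories are assumptions."""
import shutil
import tempfile
from pathlib import Path


class KnowledgeBaseError(ValueError):
    """Raised when a knowledge-base name cannot be mapped to a directory
    inside the knowledge-base root."""


def kb_path_vulnerable(kb_root: Path, kb_name: str) -> Path:
    """Vulnerable pattern: the user-controlled name is joined straight onto
    the root.  '../' segments walk out of the root, and with pathlib (as
    with os.path.join) an absolute name replaces the root entirely."""
    return kb_root / kb_name


def kb_path_safe(kb_root: Path, kb_name: str) -> Path:
    """Hardened form.  Reject anything that is not a single path component,
    then canonicalise and require the result to be a direct child of the
    canonical root.  resolve() follows symlinks, so a symlinked KB that
    points outside the root is caught as well."""
    if not kb_name or kb_name in (".", "..") or any(c in kb_name for c in "/\\\0"):
        raise KnowledgeBaseError(f"invalid knowledge base name: {kb_name!r}")
    root = kb_root.resolve()
    candidate = (root / kb_name).resolve()
    if candidate.parent != root:
        raise KnowledgeBaseError(f"name escapes knowledge base root: {kb_name!r}")
    return candidate


def delete_knowledge_bases_bulk(kb_root: Path, kb_names: list[str], *, safe: bool) -> dict:
    """Model of the bulk-delete handler.  With safe=False it behaves like the
    described vulnerable endpoint; with safe=True names that fail the
    containment check are refused instead of deleted."""
    outcome = {"deleted": [], "rejected": [], "missing": []}
    for name in kb_names:
        try:
            target = kb_path_safe(kb_root, name) if safe else kb_path_vulnerable(kb_root, name)
        except KnowledgeBaseError:
            outcome["rejected"].append(name)
            continue
        if target.is_dir():
            shutil.rmtree(target)
            outcome["deleted"].append(name)
        else:
            outcome["missing"].append(name)
    return outcome


def demo(safe: bool) -> dict:
    """Sandboxed run.  Constructed layout under a temp dir:
        kb_root/alpha, kb_root/beta   - legitimate knowledge bases
        victim, victim_abs            - directories outside the root
    The request mixes a legitimate name, a relative traversal payload and an
    absolute-path payload.  Returns which directories survived plus the
    handler's own outcome record."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        kb_root = base / "kb_root"
        dirs = ("kb_root/alpha", "kb_root/beta", "victim", "victim_abs")
        for d in dirs:
            (base / d).mkdir(parents=True)
        kb_names = ["alpha", "../victim", str(base / "victim_abs")]
        outcome = delete_knowledge_bases_bulk(kb_root, kb_names, safe=safe)
        return {"survived": {d: (base / d).is_dir() for d in dirs}, "outcome": outcome}


if __name__ == "__main__":
    print("vulnerable:", demo(safe=False)["survived"])  # victim and victim_abs gone
    print("hardened:  ", demo(safe=True)["survived"])   # only alpha gone
```

The check in `kb_path_safe` is deliberately two-layered: the character filter guarantees the name is one path component (so `..`, `../x` and absolute paths never reach the filesystem), and the `resolve()` comparison is what catches symlinks and any platform path quirks the filter does not model. Comparing `candidate.parent` with the resolved root, rather than using a string prefix test, also avoids the classic `/srv/kb` vs `/srv/kb-backup` prefix mistake.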

Exploits (2)

github · WORKING POC · 1 star
by EQSTLab · python · poc
https://github.com/EQSTLab/CVE-2026-42048
Classification: Working PoC (100%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Langflow < 1.9.0
Auth required: yes
Prerequisites: authenticated access to the Langflow API · vulnerable Langflow version (< 1.9.0) · the Langflow process must have filesystem permission to delete the target directory
Analysis: devstral-2 · analyzed May 21, 2026
github · WORKING POC · 1 star
by dwisiswant0 · python · poc
https://github.com/dwisiswant0/neo-pocs/tree/master/2026/CVE-2026-42048

The repository contains a functional exploit for CVE-2026-42048, demonstrating path traversal in Langflow's Knowledge Bases API. The exploit leverages insecure path concatenation in `create_knowledge_base` and `delete_knowledge_bases_bulk` endpoints to create and delete arbitrary directories on the server.

Classification: Working PoC (100%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: langflow <= 1.8.4
Auth required: yes
Prerequisites: authenticated user access · Langflow instance running a vulnerable version
Analysis: devstral-2 · analyzed May 14, 2026


Scores

CVSS v3.1: 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)
Reading the vector: network-reachable, low attack complexity, requires a low-privileged (authenticated) account, no user interaction, scope changed; no confidentiality impact, high integrity and availability impact.
EPSS: 0.0001 (percentile 3.5%)
Attack Vector: NETWORK

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: partial

Lab Environment

Community Lab (last vulnerable release): docker pull langflowai/langflow:1.8.4

Details

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Status: published
Products (3):
langflow/langflow < 1.9.0
langflow-ai/langflow < 1.9.0
pypi/langflow >= 0, < 1.9.0 (PyPI)
Published: May 12, 2026
Tracked since: May 13, 2026