CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the vulnerability. This includes Docling (DoclingInlineComponent), Docling Serve, DoclingRemoteComponent), Read File (FileComponent), NVIDIA Retriever Extraction (NvidiaIngestComponent), Video File (VideoFileComponent), and Unstructured API (UnstructuredComponent). This vulnerability is fixed in 1.9.2.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/langflow-ai/langflow/pull/12945	Issue Tracking Patch
https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*

History

24 Jun 2026, 13:50

Type	Values Removed	Values Added
CPE		cpe:2.3:a:langflow:langflow::::::::
References	~~() https://github.com/langflow-ai/langflow/pull/12945 -~~	() https://github.com/langflow-ai/langflow/pull/12945 - Issue Tracking, Patch
References	~~() https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75 -~~	() https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75 - Exploit, Patch, Vendor Advisory
First Time		Langflow langflow Langflow

23 Jun 2026, 17:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-23 17:17

Updated : 2026-06-24 13:50

NVD link : CVE-2026-55447

Mitre link : CVE-2026-55447

CVE.ORG link : CVE-2026-55447

JSON object : View

Products Affected

langflow

langflow

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-55447", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-55447", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-23T00:00:00+00:00"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"status": "affected", "version": "< 1.9.2"}]}]}], "published": "2026-06-23T17:17:08.540", "references": [{"url": "https://github.com/langflow-ai/langflow/pull/12945", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-61"}, {"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the vulnerability. This includes Docling (DoclingInlineComponent), Docling Serve, DoclingRemoteComponent), Read File (FileComponent), NVIDIA Retriever Extraction (NvidiaIngestComponent), Video File (VideoFileComponent), and Unstructured API (UnstructuredComponent). This vulnerability is fixed in 1.9.2."}], "lastModified": "2026-06-24T13:50:38.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5488C0C-98DB-4686-808B-99CB766D514C", "versionEndExcluding": "1.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}