Platform
python
Component
langflow
Fixed in
1.7.2
1.7.1
CVE-2026-33497 describes a path traversal vulnerability discovered in Langflow, a Python-based application. The flaw allows unauthenticated attackers to read files outside the intended profile pictures directory by manipulating the folder_name and file_name parameters of the profile picture download API. Versions of Langflow prior to 1.7.1 are affected, and a patch has been released to address the issue.
The vulnerability lies within the downloadprofilepicture function, where user-supplied path components are concatenated directly onto the base directory without validation. An attacker can craft requests containing traversal sequences such as ../secret_key to walk the filesystem beyond the designated profile pictures directory. This can expose sensitive configuration files, API keys, or other critical data stored on the server. The blast radius is everything readable by the process Langflow runs as, so it depends on that process's permissions.
CVE-2026-33497 was publicly disclosed on 2026-03-20. No public proof-of-concept (PoC) code had been released at the time of writing, but the nature of the bug makes it straightforward to exploit: a single unauthenticated GET request. The EPSS score listed on this page is 0.02% (4th percentile), i.e. a low estimated probability of exploitation despite the lack of an authentication requirement. The vulnerability is not currently listed in the CISA KEV catalog.
Organizations utilizing Langflow for AI agent development and deployment are at risk, particularly those running versions prior to 1.7.1. This includes teams relying on Langflow's profile picture functionality and those who have not implemented robust file access controls. Shared hosting environments where multiple users share the same Langflow instance are also at increased risk.
• python / server:
import os
import re

def check_langflow_secret_key(log_file):
    """Return True if any line of log_file contains 'secret_key='.

    This is only a coarse indicator that the secret was written to a log;
    it does not show whether the traversal endpoint was actually hit.
    """
    if not os.path.isfile(log_file):
        return False
    with open(log_file, 'r', errors='replace') as f:
        for line in f:
            if re.search(r'secret_key=', line):
                return True
    return False

# Example usage:
log_file = '/path/to/langflow/logs/error.log'
if check_langflow_secret_key(log_file):
    print('Potential secret_key exposure detected!')
else:
    print('No secret_key exposure detected.')
• generic web:
# --path-as-is is required: curl collapses ../ segments before sending unless told not to,
# so without it the request never carries the traversal. A 200 on the HEAD request suggests
# the server resolved a path outside the profile pictures directory.
curl --path-as-is -I 'http://your-langflow-instance/api/v1/files/profile_pictures/../../../../secret_key'
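The log check above only greps for a leaked value. A more useful check is to look for the traversal requests themselves in the HTTP access log. The following is an added example, not tooling from the Langflow project: it parses combined-format access log lines (the log format, the sample lines and the function names are assumptions constructed for this example; the endpoint prefix is the one named in this advisory), percent-decodes the request path until it is stable so that %2e%2e and double-encoded %252e variants are caught, and flags any request to the profile pictures endpoint whose decoded path contains a .. segment.

```python
# Added example: flag traversal attempts against the Langflow profile picture
# endpoint in web server access logs. Not part of Langflow; log format and
# sample lines are constructed for illustration.
import re
from urllib.parse import unquote

# Endpoint prefix as named in the advisory
ENDPOINT_PREFIX = "/api/v1/files/profile_pictures/"

# Combined-log style line (assumed format): ip ident user [ts] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(raw_path: str) -> str:
    """Drop the query string, percent-decode until stable (catches %2e%2e and
    %252e%252e), and map backslashes to '/' so Windows-style separators are seen."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):  # bounded: no realistic request needs more decode rounds
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if the decoded path targets the endpoint and contains a '..' segment.
    Segment-wise check so a file name like 'x..y.png' is not a false positive."""
    return path.startswith(ENDPOINT_PREFIX) and ".." in path.split("/")


def scan(lines):
    """Return one record per suspicious request: source IP, status and decoded path.
    A 200 response is the strong signal (a file outside the directory was served);
    a 404 only shows that someone probed."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["path"])
        if is_traversal(path):
            hits.append({"ip": m["ip"], "status": int(m["status"]), "path": path})
    return hits


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "GET /api/v1/files/profile_pictures/People/alice.png HTTP/1.1" 200 1234',
    '198.51.100.7 - - [20/Mar/2026:10:00:02 +0000] "GET /api/v1/files/profile_pictures/..%2F..%2F..%2Fsecret_key HTTP/1.1" 200 64',
    '198.51.100.7 - - [20/Mar/2026:10:00:03 +0000] "GET /api/v1/files/profile_pictures/%252e%252e/%252e%252e/secret_key HTTP/1.1" 404 0',
    '192.0.2.9 - - [20/Mar/2026:10:00:04 +0000] "GET /api/v1/files/profile_pictures/People/x..y.png HTTP/1.1" 200 99',
    '192.0.2.9 - - [20/Mar/2026:10:00:05 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ip']} status={hit['status']} path={hit['path']}")
```

Run it against the real access log with `scan(open(path))`. If a reverse proxy in front of Langflow already normalizes dot segments, the traversal never reaches the application, but the proxy's own log is still the place to see the attempt; conversely, if the proxy passes the raw path through, only the decoded form reveals encoded variants, which is why the rule decodes before matching.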
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
The primary mitigation is to upgrade Langflow to version 1.7.1 or later, which adds the sanitization and validation needed to prevent the path traversal. As a temporary workaround, restrict access to the /api/v1/files/profile_pictures/{folder_name}/{file_name} endpoint with a Web Application Firewall (WAF) or reverse proxy, and make sure the rule inspects the percent-decoded path, since the traversal can arrive as %2e%2e or with %2F-encoded separators. Validate both folder_name and file_name strictly: allow only a small character set (letters, digits, dot, dash, underscore), reject path separators and any "." or ".." segment, and resolve the final path and confirm it still lies under the profile pictures directory before opening it. Consider running the Langflow process in a chroot jail or container so that even a successful traversal can only reach the directories it needs.
Update Langflow to version 1.7.1 or later. This version contains a fix for the file read vulnerability via the /profile_pictures/{folder_name}/{file_name} endpoint.
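The root cause described earlier (user-supplied folder_name and file_name joined straight onto the base directory) and the validation the mitigation calls for are easiest to see side by side. The following is an added example written for this page, not Langflow's own handler: resolve_vulnerable reproduces the unsafe join pattern, resolve_hardened applies component validation plus a canonical-path containment check, and demo() builds a throwaway directory layout (the layout, file contents and function names are all assumptions constructed for the example) to show the first one leaking a file outside the directory while the second refuses it.

```python
# Added example (not Langflow's code): the unsafe join pattern behind the
# advisory next to a hardened resolver. Directory layout, secret contents
# and function names are constructed for illustration.
from pathlib import Path
import tempfile


def resolve_vulnerable(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """The bug class: concatenate user-controlled parts, no validation.
    pathlib keeps '..' as-is, so base/../secret_key escapes base_dir."""
    return base_dir / folder_name / file_name


def resolve_hardened(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Reject bad components, then canonicalise and require containment.

    Two layers on purpose: the component filter stops the obvious payloads,
    and resolve()+relative_to() catches what the filter cannot (symlinks,
    '..' that survives some other normalisation).
    """
    for part in (folder_name, file_name):
        if not part or "\x00" in part or part in (".", ".."):
            raise PermissionError("invalid path component")
        if "/" in part or "\\" in part:
            raise PermissionError("path separator in component")
    root = base_dir.resolve()
    candidate = (root / folder_name / file_name).resolve()
    try:
        candidate.relative_to(root)  # ValueError if candidate is not under root
    except ValueError:
        raise PermissionError("path escapes profile pictures directory")
    return candidate


def is_safe_request(folder_name: str, file_name: str,
                    base_dir: str = "/srv/langflow/profile_pictures") -> bool:
    """Would the hardened resolver accept this pair? (base_dir is an assumed
    location; rejection needs no filesystem access, so it need not exist.)"""
    try:
        resolve_hardened(Path(base_dir), folder_name, file_name)
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Constructed layout: <tmp>/profile_pictures/People/alice.png plus a
    dummy <tmp>/secret_key one level above the served directory."""
    with tempfile.TemporaryDirectory() as tmp:
        app_root = Path(tmp)
        pics = app_root / "profile_pictures"
        (pics / "People").mkdir(parents=True)
        (pics / "People" / "alice.png").write_bytes(b"PNG")
        (app_root / "secret_key").write_text("dummy-secret")  # constructed

        benign = ("People", "alice.png")
        traversal = ("..", "secret_key")  # folder_name='..', file_name='secret_key'

        vuln_leak = resolve_vulnerable(pics, *traversal).read_text()
        hard_ok = resolve_hardened(pics, *benign).read_bytes()
        try:
            resolve_hardened(pics, *traversal)
            hard_blocked = False
        except PermissionError:
            hard_blocked = True

        # A symlink planted inside the directory passes the component filter
        # but is caught by the containment check after resolve().
        try:
            (pics / "People" / "link.png").symlink_to(app_root / "secret_key")
            try:
                resolve_hardened(pics, "People", "link.png")
                symlink_blocked = False
            except PermissionError:
                symlink_blocked = True
        except OSError:
            symlink_blocked = None  # platform without symlink support

        return {
            "vulnerable_leaks_secret": vuln_leak == "dummy-secret",
            "hardened_serves_benign": hard_ok == b"PNG",
            "hardened_blocks_traversal": hard_blocked,
            "symlink_blocked": symlink_blocked,
        }


if __name__ == "__main__":
    print(demo())
```

The framework has already percent-decoded the path parameters by the time a handler sees them, so the component filter works on plain "..". The containment check is the part to keep even if the filter is later relaxed: it is what turns "does the string look bad" into "does the canonical path stay inside the directory".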
CVE-2026-33497 is a vulnerability in Langflow versions ≤1.7.0 that allows attackers to read the secret_key due to insufficient parameter filtering, potentially leading to unauthorized access.
You are affected if you are using Langflow version 1.7.0 or earlier. Upgrade to version 1.7.1 to resolve the issue.
Upgrade Langflow to version 1.7.1 or later. As a temporary workaround, implement a WAF rule to block suspicious requests.
There is currently no evidence of active exploitation in the wild, but the vulnerability poses a significant risk.
Refer to the Langflow project's official release notes and security advisories for details: https://github.com/langflow-ai/langflow/releases