Platform: python
Component: langflow
Fixed in: 1.2.1, 1.9.0
CVE-2026-33309 represents a critical Remote Code Execution (RCE) vulnerability discovered in Langflow, a tool for building and deploying AI-powered agents and workflows. This flaw stems from a bypass of a prior patch intended to address CVE-2025-68478, leaving a fundamental architectural weakness unresolved. The vulnerability affects versions of Langflow up to 1.8.2 and can be exploited to achieve arbitrary file writes, potentially leading to complete system compromise. A fix is available in version 1.9.0.
The core of this vulnerability lies in the LocalStorageService component's lack of boundary containment checks: the storage layer never verifies that the destination it writes to stays inside its configured directory. Langflow relies solely on the HTTP-layer ValidatedFileName dependency for this protection, so there is no defense in depth once that guard is bypassed. Attackers can exploit the POST /api/v2/files/ endpoint by bypassing the path-parameter guard within the multipart upload process. This allows arbitrary file writes: an attacker can write malicious files to any location writable by the Langflow process. Successful exploitation could lead to remote code execution, giving attackers full control of the system hosting the Langflow application, with consequences ranging from deploying backdoors to stealing sensitive data or disrupting service operations. The potential blast radius is significant, particularly in environments where Langflow is used to manage critical AI workflows.
While no public exploits have been widely reported, the severity of the vulnerability (CVSS 9.9) and the bypass nature of the attack suggest a high probability of exploitation. The vulnerability was publicly disclosed on March 19, 2026. It's crucial to assess whether this vulnerability has been added to any KEV (Known Exploited Vulnerabilities) catalogs. Given the ease of exploitation and the potential impact, security teams should prioritize remediation.
Exploit Status
EPSS: 0.07% (22nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-33309 is to immediately upgrade Langflow to version 1.9.0 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/v2/files/ endpoint to trusted sources only, using a Web Application Firewall (WAF) or proxy server to enforce strict input validation and block suspicious requests. Carefully review and audit all file upload configurations to ensure proper sanitization and validation. Monitor system logs for unusual file creation or modification activity, particularly in directories where Langflow stores its data. After upgrading, confirm the vulnerability is resolved by attempting a file upload with a deliberately malicious filename and verifying that it is rejected.
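The storage-layer containment check that this page says LocalStorageService lacked, together with a first-pass audit over file-creation log lines of the kind the mitigation advice above suggests monitoring, as an added Python example. This is not Langflow's code and not its fix: the function names, the audit-line format and the sample paths are constructed here, and the upload directory /var/lib/langflow/uploads is a placeholder rather than the project's actual path. The point it makes is that the containment decision is taken on the resolved destination path at the moment of writing, so it holds regardless of what an upstream HTTP-layer filename filter did or did not catch.

```python
"""Storage-layer path containment plus a small audit over file-write log lines.

Added example, not Langflow's code. Everything below (function names, the
audit record format, the sample records and the base directory) is constructed
to illustrate the bug class described on this page: a storage service that
trusts an HTTP-layer filename guard instead of checking containment itself.
"""
from pathlib import Path, PurePosixPath


class UnsafeFilename(ValueError):
    """Raised when an upload name would resolve outside the storage directory."""


def contain_upload_path(base_dir: str, untrusted_name: str) -> Path:
    """Return the absolute destination for `untrusted_name` inside `base_dir`.

    Raises UnsafeFilename if the name is empty, contains a NUL byte, is
    absolute, or resolves (after '..' and symlink processing) to anything
    that is not strictly below `base_dir`. The decision is made on the
    resolved path at the storage layer, independent of any earlier filter.
    """
    if not untrusted_name or "\x00" in untrusted_name:
        raise UnsafeFilename("empty filename or embedded NUL byte")
    # Treat backslashes as separators as well, so a Windows-style name is
    # not accepted as one harmless literal filename on a POSIX host.
    normalized = untrusted_name.replace("\\", "/")
    if PurePosixPath(normalized).is_absolute():
        raise UnsafeFilename("absolute paths are not allowed")
    base = Path(base_dir).resolve()
    candidate = (base / normalized).resolve()
    # `candidate.parents` contains `base` only when candidate is strictly
    # inside it; this also rejects names such as "." that resolve to base.
    if base not in candidate.parents:
        raise UnsafeFilename(f"{untrusted_name!r} escapes {base}")
    return candidate


def is_safe_upload_name(base_dir: str, untrusted_name: str) -> bool:
    """Boolean form of the check, convenient for tests and WAF-style filters."""
    try:
        contain_upload_path(base_dir, untrusted_name)
        return True
    except UnsafeFilename:
        return False


# Constructed audit records (not real Langflow or host output), one write per
# line in the format "<timestamp> pid=<n> op=<create|modify> path=<absolute>".
SAMPLE_AUDIT_LINES = [
    "2026-03-20T10:01:02Z pid=4242 op=create path=/var/lib/langflow/uploads/1/report.pdf",
    "2026-03-20T10:01:09Z pid=4242 op=create path=/var/lib/langflow/uploads/1/notes.txt",
    "2026-03-20T10:02:31Z pid=4242 op=create path=/tmp/stray.bin",
    "2026-03-20T10:02:40Z pid=4242 op=modify path=/home/langflow/notes.txt",
]


def find_writes_outside(data_dir: str, lines):
    """Return (timestamp, path) for each create/modify event outside `data_dir`.

    A first triage pass over file-activity logs from the Langflow process:
    any write that lands outside its own data directory deserves a look.
    """
    base = PurePosixPath(data_dir)
    hits = []
    for line in lines:
        parts = line.split()
        fields = dict(f.split("=", 1) for f in parts[1:] if "=" in f)
        path = PurePosixPath(fields.get("path", ""))
        if fields.get("op") in {"create", "modify"} and base not in path.parents:
            hits.append((parts[0], str(path)))
    return hits


if __name__ == "__main__":
    uploads = "/var/lib/langflow/uploads"  # placeholder base directory
    for name in ["report.pdf", "../../outside.txt", "/etc/example", "."]:
        print(f"{name!r:22} -> {'accepted' if is_safe_upload_name(uploads, name) else 'rejected'}")
    for ts, path in find_writes_outside(uploads, SAMPLE_AUDIT_LINES):
        print(f"write outside data dir at {ts}: {path}")
```

The audit half is deliberately format-specific to the constructed records; on a real host the same containment test applies to whatever file-activity source is available (auditd, inotify, EDR telemetry), and the post-upgrade verification step described above can reuse `is_safe_upload_name` as the oracle for which filenames the service must refuse.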
Update Langflow to version 1.9.0 or higher. This version contains a fix for the arbitrary file write vulnerability. The update will prevent Remote Code Execution (RCE) by authenticated attackers.
CVE-2026-33309 is a critical Remote Code Execution vulnerability in Langflow versions up to 1.8.2. It allows attackers to write arbitrary files, potentially leading to system compromise.
You are affected if you are using Langflow versions 1.2.0 through 1.8.2. Upgrade to 1.9.0 or later to mitigate the risk.
Upgrade Langflow to version 1.9.0 or later. As a temporary workaround, restrict access to the /api/v2/files/ endpoint and monitor system logs.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks. Monitor your systems closely.
Refer to the Langflow project's official website and security advisories for the latest information and updates regarding CVE-2026-33309.