Platform
python
Component
langflow
Fixed in
1.7.2
1.7.1
CVE-2026-33497 is an information disclosure vulnerability in Langflow, a tool for building and deploying AI-powered agents and workflows. By manipulating the folder and file names passed to a file-download endpoint, an attacker can read files outside the intended directory, including the application's secret_key. The vulnerability affects Langflow versions up to and including 1.7.0 and is fixed in version 1.7.1.
The flaw is in the download_profile_picture handler behind the /profile_pictures/{folder_name}/{file_name} endpoint. The folder_name and file_name path parameters are not adequately validated before being joined onto the profile picture directory, so a request whose parameters contain traversal sequences (such as a `..` component) resolves to a path outside that directory. An attacker can use this to read files outside the profile picture directory that the Langflow process can access, including the file holding the secret_key. Because the secret_key protects the Langflow environment, its exposure could enable unauthorized access to the application's internal data and, in turn, full compromise of the application and the resources it manages. The severity of the issue follows directly from the sensitivity of that key.
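To make the failure concrete, here is an added example (not Langflow's code, and not taken from the advisory) of the pattern described above: a resolver that joins request-supplied folder_name and file_name onto a base directory with no validation, beside a hardened version that accepts only single path components and then confirms that the resolved path is still under the base. The directory layout, the picture file and the secret_key file it reads are constructed for the demo.

```python
"""Traversal through unvalidated folder_name / file_name path parameters.

Added example for this advisory; it is NOT Langflow's code. resolve_unsafe()
mirrors the pattern described for CVE-2026-33497 (request-controlled folder and
file names joined onto a base directory without validation); resolve_safe()
is one hardened form. Directory layout, file names and the "secret_key"
contents below are constructed for the demo.
"""
from pathlib import Path
import tempfile


class TraversalError(ValueError):
    """Raised when a request parameter is not a plain, single path component."""


def resolve_unsafe(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Vulnerable pattern: a '..' component or an absolute file_name leaves base_dir."""
    return base_dir / folder_name / file_name


def _single_component(name: str) -> str:
    """Accept exactly one non-empty path component; reject separators, dot entries, NUL."""
    if not name or name in {".", ".."} or any(c in name for c in "/\\\x00"):
        raise TraversalError(f"invalid path component: {name!r}")
    return name


def resolve_safe(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Hardened form: validate each parameter, then confirm the result stays under base_dir.

    resolve() follows symlinks, so a link inside base_dir pointing elsewhere is refused too.
    """
    base = base_dir.resolve()
    target = (base / _single_component(folder_name) / _single_component(file_name)).resolve()
    if base not in target.parents:  # defense in depth behind the component checks
        raise TraversalError(f"{target} escapes {base}")
    return target


def demo() -> dict:
    """Build a throwaway tree; show the unsafe resolver leaking and the safe one refusing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        base = root / "profile_pictures"
        (base / "People").mkdir(parents=True)
        (base / "People" / "avatar.png").write_bytes(b"\x89PNG\r\n\x1a\n")  # constructed
        (root / "secret_key").write_text("constructed-secret")             # constructed
        traversal = ("..", "secret_key")  # folder_name="..", file_name="secret_key"

        leaked = resolve_unsafe(base, *traversal).resolve()
        results = {
            "unsafe_escapes": leaked == root / "secret_key",
            "unsafe_leaks": leaked.read_text(),
            # pathlib's "/" discards everything before an absolute component
            "unsafe_absolute_escapes": base not in resolve_unsafe(base, "People", "/etc/passwd").resolve().parents,
            "safe_legit": resolve_safe(base, "People", "avatar.png").name,
        }
        try:
            resolve_safe(base, *traversal)
            results["safe_blocks"] = False
        except TraversalError:
            results["safe_blocks"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

Running the module prints the dictionary from demo(): the unsafe resolver hands back the out-of-tree secret_key file (and an absolute file_name replaces the base entirely), while the safe one raises TraversalError for the same inputs and still serves the legitimate picture. Web frameworks percent-decode path parameters before the handler sees them, which is why the validation operates on the decoded value and why any perimeter rule has to decode as well.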
CVE-2026-33497 was publicly disclosed on 2026-03-20. At the time of writing there is no indication of exploitation in the wild and no publicly available proof-of-concept (PoC) exploit, and the vulnerability is not listed in the CISA KEV catalog. The CVSS base score of 7.5 (High) measures the severity of a successful attack, namely disclosure of the secret_key, not the likelihood of one; the EPSS figure below is the exploitation-probability estimate. Any deployment that exposes the endpoint to untrusted clients should treat the issue as urgent regardless.
Exploit Status
EPSS
0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2026-33497 is to upgrade Langflow to version 1.7.1 or later, which validates the folder_name and file_name parameters strictly and so closes the directory traversal. If upgrading is not immediately possible, a Web Application Firewall (WAF) rule that blocks requests to /profile_pictures/ whose path contains a `..` component, including percent-encoded forms such as %2e%2e and double-encoded variants, reduces exposure; treat this as a stopgap, since filter bypasses are common and the check must run on the decoded path. Restricting what the Langflow process itself can read (a dedicated low-privilege service account, a container with only the required paths mounted) limits what a traversal can reach, though it cannot protect the secret_key, which the process must be able to read. Check access logs for requests to the endpoint containing traversal sequences; if such requests returned 200 before the patch was applied, assume the secret_key has been disclosed and rotate it following the project's guidance. Finally, audit the Langflow configuration regularly to confirm that file access controls remain in place.
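As an added example of the detection side of the workaround above (the log lines are constructed in combined-log shape, not data from any real incident; the route prefix is the one named in the advisory), the following scan decodes request paths before testing them, because a rule that matches the literal string `..` misses percent-encoded requests:

```python
"""Flag path-traversal attempts against /profile_pictures/ in web access logs.

Added example for this advisory, not code from Langflow or from the advisory.
LOGS is constructed sample data; only the route prefix comes from the advisory.
"""
import re
from urllib.parse import unquote

PREFIX = "/profile_pictures/"

# Client IP, request line and status from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample: one legitimate fetch, three traversal attempts in
# plain, single-encoded and double-encoded form, one unrelated request.
LOGS = """\
10.0.0.5 - - [20/Mar/2026:10:00:01 +0000] "GET /profile_pictures/People/avatar.png HTTP/1.1" 200 4311
10.0.0.9 - - [20/Mar/2026:10:00:02 +0000] "GET /profile_pictures/../secret_key HTTP/1.1" 200 44
10.0.0.9 - - [20/Mar/2026:10:00:03 +0000] "GET /profile_pictures/%2e%2e/secret_key HTTP/1.1" 200 44
10.0.0.9 - - [20/Mar/2026:10:00:04 +0000] "GET /profile_pictures/People/..%252f..%252fsecret_key HTTP/1.1" 404 22
10.0.0.7 - - [20/Mar/2026:10:00:05 +0000] "GET /api/v1/flows HTTP/1.1" 200 1200
"""


def normalize_path(raw: str) -> str:
    """Drop the query string and percent-decode until stable (catches double encoding)."""
    path = raw.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if a decoded request to the endpoint carries a '..' segment or a NUL byte."""
    if not path.startswith(PREFIX):
        return False
    segments = path[len(PREFIX):].split("/")
    return any(seg == ".." for seg in segments) or "\x00" in path


def naive_hit(raw: str) -> bool:
    """The rule to avoid: a literal-string match on the undecoded path."""
    return ".." in raw


def scan(log_text: str) -> list[dict]:
    """Return one record per suspicious request; a 200 status means the read succeeded."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        norm = normalize_path(m["path"])
        if is_traversal(norm):
            hits.append({
                "line": lineno,
                "ip": m["ip"],
                "raw": m["path"],
                "normalized": norm,
                "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(LOGS):
        print(hit)
```

Against the sample, scan() flags lines 2, 3 and 4, whereas naive_hit() misses the single-encoded request on line 3 entirely. The two 200 responses on traversal requests are the signal that matters for incident response: they indicate the file was actually returned, so the key should be treated as compromised.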
Update Langflow to version 1.7.1 or higher. This version contains a fix for the arbitrary file read vulnerability in the /profile_pictures/{folder_name}/{file_name} endpoint.
CVE-2026-33497 is a vulnerability in Langflow versions ≤1.7.0 that allows attackers to read the secret_key due to insufficient parameter filtering, potentially leading to unauthorized access.
You are affected if you are using Langflow version 1.7.0 or earlier. Upgrade to version 1.7.1 or later to resolve the issue.
Upgrade Langflow to version 1.7.1 or later. As a temporary workaround, implement a WAF rule to block suspicious requests.
There is currently no evidence of active exploitation in the wild, but an exposed instance is at significant risk because a single successful request discloses the secret_key.
Refer to the Langflow project's official release notes and security advisories for details: [https://github.com/langflow-ai/langflow/releases](https://github.com/langflow-ai/langflow/releases)