CVE-2026-33309

攻击者可以利用此漏洞在 Langflow 服务器上执行任意代码。通过绕过文件名称验证，攻击者可以上传恶意文件，并在服务器上执行任意命令。这可能导致数据泄露、系统被完全控制，甚至进一步的横向移动攻击。由于 Langflow 用于构建和部署 AI 代理和工作流，因此此漏洞的影响范围可能非常广泛，可能影响到依赖 Langflow 的应用程序和服务的安全。类似于其他文件写入漏洞，攻击者可能利用此漏洞覆盖关键系统文件或上传webshell以获得持久访问。

Organizations deploying Langflow for AI agent development and workflow automation are at significant risk. This includes teams using Langflow in production environments, particularly those with limited security controls or those relying on older, unpatched versions. Shared hosting environments where multiple users share the same Langflow instance are also at elevated risk, as a compromise of one user's environment could potentially impact others.

• python / server:

import os
import hashlib

def check_langflow_files(directory):
    for filename in os.listdir(directory):
        if filename.endswith('.pyc') or filename.endswith('.pyo'):
            file_path = os.path.join(directory, filename)
            try:
                with open(file_path, 'rb') as f:
                    file_content = f.read()
                md5_hash = hashlib.md5(file_content).hexdigest()
                if 'malicious_string' in md5_hash:
                    print(f"Potential malicious file detected: {file_path}")
            except Exception as e:
                print(f"Error reading file: {file_path} - {e}")

# Example usage (replace with Langflow's data directory)
check_langflow_files('/path/to/langflow/data')

• generic web:

curl -I 'http://your-langflow-server/api/v2/files/' | grep 'Content-Type:'

• linux / server:

journalctl -u langflow -f | grep -i "error" -i "exception"

1. 2026-03-19Disclosure

   disclosure

2. 2026-03-19Patch

   patch

1. 已保留2026-03-18
2. 发布日期2026-03-19
3. 修改日期2026-03-25
4. EPSS 更新日期2026-04-01

最有效的缓解措施是立即将 Langflow 升级至 1.9.0 或更高版本。如果无法立即升级，可以考虑以下临时缓解措施：限制对 POST /api/v2/files/ 端点的访问，实施严格的文件名称验证，并使用 Web 应用防火墙 (WAF) 来检测和阻止恶意文件上传。此外，定期审查 Langflow 的配置，确保遵循最佳安全实践。升级后，请验证文件上传功能是否正常工作，并检查系统日志中是否存在任何异常活动。