EXECUTIVE SUMMARY:
CVE-2026-55450 with a CVSS score of 9.3 is a critical authentication bypass and uncontrolled resource consumption flaw in the Langflow Python package (pip/langflow) affecting all releases prior to version 1.9.1. The vulnerability resides in the deprecated POST /api/v1/upload/{flow_id} endpoint, which accepts an uploaded file without requiring any user authentication or validating the supplied flow_id, and then writes the file to the server's local filesystem using the save_uploaded_file routine. An attacker only needs network access to a vulnerable Langflow instance to invoke the endpoint with a crafted curl command, supplying any file payload; the server will store the data regardless of size and subsequently return a JSON response containing the absolute path of the saved file. This enables the adversary to exhaust disk space, causing a denial-of-service condition, and to harvest the disclosed absolute path, facilitating further attacks such as path-based privilege escalation or targeted exploitation of other services. Exploitation requires no prior credentials, but the target must be running a vulnerable version of Langflow with the upload endpoint enabled and reachable over the network.
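As an added defender-side example (not code from the Langflow project or from this advisory), the block below does the two checks an operator would want after reading the summary: decide whether an installed Langflow version falls in the affected range (anything before 1.9.1), and scan access logs for POST requests to the deprecated /api/v1/upload/{flow_id} endpoint that arrive unauthenticated or carry unusually large bodies, summing bytes per client so a disk-exhaustion pattern stands out. The log lines and their field layout are constructed for the example; real Langflow or reverse-proxy logs will need the regex adapted.

```python
import re
from typing import Iterable

# First release the advisory describes as fixed.
FIXED_VERSION = (1, 9, 1)

# Path shape of the deprecated, unauthenticated endpoint named in the advisory.
DEPRECATED_UPLOAD = re.compile(r"^/api/v1/upload/[^/]+/?$")

# Constructed log layout (an assumption, not Langflow's real format):
# <client> <method> <path> <status> <bytes> <authenticated: yes|no>
LOG_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>\S+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+) (?P<auth>yes|no)$"
)

# Constructed sample lines for the example; not real traffic.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 POST /api/v1/upload/123e4567-e89b-12d3-a456-426614174000 201 52428800 no
10.0.0.7 GET /api/v1/flows/ 200 1843 yes
10.0.0.9 POST /api/v1/files/upload/123e4567-e89b-12d3-a456-426614174000 201 2048 yes
10.0.0.5 POST /api/v1/upload/not-a-real-flow 201 104857600 no
"""


def parse_version(version: str) -> tuple:
    """Turn '1.8.0' or '1.9.1rc1' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_version(version: str) -> bool:
    """True for any Langflow release prior to 1.9.1, the range the advisory gives."""
    return parse_version(version) < FIXED_VERSION


def flag_deprecated_uploads(lines: Iterable[str],
                            size_threshold: int = 10 * 1024 * 1024) -> list:
    """Return one finding per POST to the deprecated upload endpoint.

    Each finding records the client, path, body size and the reasons it was
    flagged: 'unauthenticated' when no credential was presented, 'large' when
    the body exceeds size_threshold (default 10 MiB, an arbitrary choice).
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST" or not DEPRECATED_UPLOAD.match(m["path"]):
            continue
        size = int(m["bytes"])
        reasons = []
        if m["auth"] == "no":
            reasons.append("unauthenticated")
        if size > size_threshold:
            reasons.append("large")
        findings.append({"client": m["client"], "path": m["path"],
                         "bytes": size, "reasons": reasons})
    return findings


def bytes_by_client(findings: list) -> dict:
    """Sum flagged upload bytes per client to surface disk-exhaustion attempts."""
    totals: dict = {}
    for f in findings:
        totals[f["client"]] = totals.get(f["client"], 0) + f["bytes"]
    return totals


if __name__ == "__main__":
    for v in ("1.8.3", "1.9.0", "1.9.1"):
        print(v, "affected" if is_vulnerable_version(v) else "fixed")
    hits = flag_deprecated_uploads(SAMPLE_ACCESS_LOG.splitlines())
    for h in hits:
        print(h)
    print(bytes_by_client(hits))
```

Note that the authenticated upload at /api/v1/files/upload/… is deliberately not matched: the finding is scoped to the deprecated path the advisory names, so the rule does not fire on legitimate use of the current API.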
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-x223-p2gf-v735