A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.
The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.
“The ‘POST /api/v2/files’ endpoint does not sanitize the ‘filename’ parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (‘../’),” Tenable, which discovered the flaw, said in an alert released in late March 2026.
The cybersecurity company said it attempted to contact the project maintainers three times in January and February 2026, before disclosing details of the issue on March 27.
Caitlin Condon, vice president of security research at VulnCheck, said in a LinkedIn post that the vulnerability enables remote code execution.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation,” Condon added.
Exploitation efforts so far appear to weaponize the bug to write test files on victim systems. Data from Censys shows that there are about 7,000 Langflow instances publicly exposed on the internet, with a majority of them located in North America.
The attack effort follows a flurry of exploitation activity targeting other Langflow vulnerabilities this year, including CVE-2026-0770, CVE-2026-33017, CVE-2026-21445, and CVE-2025-34291, the last of which has been weaponized by the Iranian state-sponsored group known as MuddyWater.
“The activity underscores a growing trend of attackers targeting the infrastructure and tooling that organizations use to build and deploy AI applications,” the company said in a statement shared with The Hacker News.
Update
When reached for comment regarding the patch status, Tenable told The Hacker News via email that the project maintainer of the langflow-base package confirmed the vulnerability was addressed in Langflow version 1.9.0 released on April 15, 2026. Users are advised to update to the latest version for optimal protection.
(The story was updated after publication to include details of the patch availability.)
