Langflow — Path Traversal in Knowledge Bases API (CVE-2026-42048)
AI relevance: Langflow is a widely-used visual tool for building and deploying AI agent workflows; a path traversal in its Knowledge Bases API let authenticated attackers delete arbitrary directories on the host filesystem, threatening RAG data stores and agent configuration files.
What happened
- CVE-2026-42048 was published on May 12, 2026 with a CVSS score of 9.6 (Critical).
- The vulnerability lives in Langflow's DELETE /api/v1/knowledge_bases endpoint, which directly concatenated user-supplied knowledge base names into filesystem paths without sanitization.
- Path traversal sequences (../) in the knowledge base name resolved outside the intended storage directory, enabling deletion of arbitrary directories wherever the Langflow process had write permissions.
- Exploitation requires authentication to the Langflow instance but no additional privileges beyond a valid session.
- Fixed in Langflow version 1.9.0. No public proof-of-concept has been released.
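The bug class described above, shown beside one way to close it, as an added Python example (not Langflow's code and not the 1.9.0 patch). The function names, the knowledge_bases storage root and the sample names are assumptions constructed for illustration; nothing is deleted, the helpers only compute paths.

```python
import tempfile
from pathlib import Path


def naive_kb_path(base: Path, kb_name: str) -> Path:
    """Bug class from the advisory: the name is joined to the base unchecked."""
    return (base / kb_name).resolve()


def safe_kb_path(base: Path, kb_name: str) -> Path:
    """Return the directory for kb_name, or raise ValueError if it escapes base."""
    if not kb_name or "\x00" in kb_name:
        raise ValueError("empty or malformed knowledge base name")
    # A knowledge base name is one path component, never a path.
    if kb_name in (".", "..") or "/" in kb_name or "\\" in kb_name:
        raise ValueError(f"illegal knowledge base name: {kb_name!r}")
    root = base.resolve()
    target = (root / kb_name).resolve()  # also follows symlinks
    # Containment check on the resolved path: it must be a direct child of root.
    if target.parent != root:
        raise ValueError(f"{kb_name!r} resolves outside {root}")
    return target


def demo() -> dict:
    """Run both helpers over constructed names; True means 'stays inside base'."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "knowledge_bases"   # hypothetical storage root
        (base / "docs").mkdir(parents=True)
        outside = Path(tmp) / "agent_config"   # stands in for unrelated data
        outside.mkdir()
        (base / "link").symlink_to(outside, target_is_directory=True)
        for name in ["docs", "../agent_config", "..", "docs/../..", "link", ""]:
            naive_inside = naive_kb_path(base, name).parent == base.resolve()
            try:
                safe_kb_path(base, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = (naive_inside, accepted)
    return results


if __name__ == "__main__":
    for name, (naive_inside, accepted) in demo().items():
        print(f"{name!r:22} naive stays inside={naive_inside} hardened accepts={accepted}")
```

Only "docs" is accepted; the "link" case shows why the check runs on the resolved path rather than on the name alone.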
Why it matters
- Langflow is commonly deployed to manage RAG pipelines, vector store connections, and agent orchestration. Knowledge bases in this context often contain indexed documents, embeddings caches, and configuration data critical to AI operations.
- Arbitrary directory deletion can wipe RAG data stores, agent configuration files, or any content accessible to the Langflow service account — causing data loss and operational disruption.
- This is a separate vulnerability from the previously reported Langflow Desktop command injection (CVE-2026-6543), indicating ongoing input-validation gaps across the platform's API surface.
What to do
- Upgrade Langflow to version 1.9.0 or newer immediately.
- If you cannot upgrade, restrict access to the Knowledge Bases API and audit API logs for DELETE requests containing path traversal sequences.
- Run Langflow under a dedicated service account with minimal filesystem permissions — isolate it from critical system directories.
- Review backup and recovery procedures for RAG data stores and agent configurations managed through Langflow.