CVE-2026-6596 | langflow-ai langflow up to 1.1.0 API Endpoint endpoints.py create_upload_file unrestricted upload

A vulnerability described as critical has been identified in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload.

This vulnerability is known as CVE-2026-6596. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More