{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/langflow--1.8.4/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["langflow (\u003c= 1.8.4)"],"_cs_severities":["critical"],"_cs_tags":["path-traversal","vulnerability","langflow"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eThe Langflow application is susceptible to a critical path traversal vulnerability within its Knowledge Bases API. Specifically, the \u003ccode\u003eDELETE /api/v1/knowledge_bases\u003c/code\u003e endpoint allows authenticated users to delete knowledge bases using the \u003ccode\u003ekb_names\u003c/code\u003e parameter. Due to insufficient sanitization of user-supplied input, an attacker can inject path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) to manipulate file paths and delete arbitrary directories on the server. This vulnerability affects Langflow versions 1.8.4 and earlier. Successful exploitation can lead to significant data loss, service disruption, and potentially cross-user data compromise if the attacker gains the ability to delete data belonging to other users. Defenders must prioritize patching or mitigating this vulnerability to prevent unauthorized file system modifications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the Langflow application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to the \u003ccode\u003eDELETE /api/v1/knowledge_bases\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ekb_names\u003c/code\u003e parameter in the request contains a path traversal sequence, such as \u003ccode\u003e../victim_user/kb_name\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edelete_knowledge_bases_bulk\u003c/code\u003e function in \u003ccode\u003esrc/backend/base/langflow/api/v1/knowledge_bases.py\u003c/code\u003e receives the malicious input.\u003c/li\u003e\n\u003cli\u003eThe application constructs a file path by directly concatenating the user-supplied \u003ccode\u003ekb_names\u003c/code\u003e parameter without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshutil.rmtree()\u003c/code\u003e function is called with the crafted file path, attempting to recursively delete the directory.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal sequence, the deletion occurs outside the intended user directory.\u003c/li\u003e\n\u003cli\u003eArbitrary directories on the server are deleted, leading to data loss, service disruption, or cross-user data compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can have severe consequences. An attacker could delete critical system files, causing service disruption. They could also delete other users\u0026rsquo; knowledge base data, leading to a cross-user data compromise. Because the application has write access, they can traverse to any directory on the entire filesystem accessible to the Langflow service account. The vulnerability impacts any Langflow instance exposing the vulnerable endpoint to authenticated users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Langflow to a version that includes the fix from \u003cstrong\u003ePR #12243\u003c/strong\u003e and subsequent backports from \u003cstrong\u003ePR #12337\u003c/strong\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to the \u003ccode\u003eDELETE /api/v1/knowledge_bases\u003c/code\u003e endpoint containing path traversal sequences like \u003ccode\u003e../\u003c/code\u003e to detect exploitation attempts. Use the Sigma rule for detection of path traversal attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all user-supplied parameters, especially those used in file path construction.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T18:28:59Z","date_published":"2026-05-05T18:28:59Z","id":"/briefs/2024-02-29-langflow-path-traversal/","summary":"A path traversal vulnerability exists in the Langflow Knowledge Bases API (`DELETE /api/v1/knowledge_bases`) that allows an authenticated attacker to delete arbitrary directories on the server's filesystem, leading to data loss and potential service disruption.","title":"Langflow Knowledge Bases API Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-02-29-langflow-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Langflow (\u003c= 1.8.4)","version":"https://jsonfeed.org/version/1.1"}