Path Traversal Vulnerability in Langflow Actively Exploited to Write Arbitrary Files
Attackers are actively exploiting a high-severity path traversal vulnerability, **CVE-2026-5027**, in the popular AI development platform **Langflow**. The flaw lets unauthenticated attackers write arbitrary files to exposed servers, putting both the integrity of hosted AI applications and the underlying infrastructure at risk.

**Langflow**, an open-source visual platform for building AI applications, agents, and Retrieval-Augmented Generation (RAG) systems, is currently under active attack. The platform, widely used by AI development teams, boasts over 149,000 stars and 9,200 forks on **GitHub**.
### The Vulnerability: CVE-2026-5027
**CVE-2026-5027** is a high-severity path traversal flaw in **Langflow**'s file upload functionality. The upload handler does not sanitize the client-supplied filename, so an attacker can steer the write outside the intended upload directory.
According to **Tenable**, which discovered the flaw, "The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../')." **Tenable** publicly disclosed the issue on March 27, 2026, after reporting it to the **Langflow** team and receiving no initial response.
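To make the flaw class concrete, here is an added Python example. It is not Langflow's code and makes no claim about Langflow's internals: it pairs a handler that joins the multipart `filename` straight onto the upload directory, the pattern Tenable describes, with a hardened version that rejects anything other than a bare basename and then verifies the resolved destination. The payloads, the scratch directory and the function names are constructed for the demonstration.

```python
"""Vulnerable vs hardened handling of a client-supplied multipart filename.

Illustrative code, not Langflow's own implementation.
"""
import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafeFilename(ValueError):
    """The client-supplied filename would escape the upload directory."""


def save_upload_vulnerable(upload_root: str, filename: str, data: bytes) -> str:
    # The flaw class: the multipart 'filename' goes straight into the path.
    # os.path.join() keeps '..' segments and, if filename is absolute,
    # discards upload_root entirely, so the write can land anywhere the
    # server process may write.
    dest = os.path.join(upload_root, filename)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def safe_upload_path(upload_root: str, filename: str) -> Path:
    """Return the only destination a client may write: <root>/<bare basename>."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty or NUL-containing filename")
    # Reject, rather than quietly strip, anything that is not a bare name.
    # Separators, drive letters and '..' indicate a traversal attempt that a
    # deployment will want to alert on, not normalise away. Both flavours
    # are checked so '..\\x' is refused on POSIX and '../x' on Windows.
    if (PurePosixPath(filename).name != filename
            or PureWindowsPath(filename).name != filename
            or filename == ".."):
        raise UnsafeFilename(f"filename {filename!r} is not a bare basename")
    root = Path(upload_root).resolve()
    dest = (root / filename).resolve()
    # Defence in depth: resolve() follows symlinks, so a pre-planted symlink
    # named like an upload cannot redirect the write outside the root either.
    if dest.parent != root:
        raise UnsafeFilename(f"{filename!r} resolves outside {root}")
    return dest


def save_upload_hardened(upload_root: str, filename: str, data: bytes) -> str:
    dest = safe_upload_path(upload_root, filename)
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return str(dest)


def demo() -> dict:
    """Run both handlers against constructed payloads inside a scratch directory.

    Reports whether the vulnerable handler escaped its upload root and which
    payloads the hardened handler refused.
    """
    payloads = ["../escaped.txt", "..\\escaped.txt", "/abs.txt",
                "nested/../../escaped2.txt", "report.pdf"]
    with tempfile.TemporaryDirectory() as sandbox:
        root = os.path.join(sandbox, "uploads")
        os.makedirs(root)
        # Only the relative payload is fed to the vulnerable handler; an
        # absolute one would write to the real filesystem root.
        written = save_upload_vulnerable(root, "../escaped.txt", b"pwned")
        escaped = (os.path.realpath(written)
                   == os.path.realpath(os.path.join(sandbox, "escaped.txt")))
        rejected = {}
        for payload in payloads:
            try:
                save_upload_hardened(root, payload, b"data")
                rejected[payload] = False
            except UnsafeFilename:
                rejected[payload] = True
    return {"vulnerable_escaped_root": escaped, "hardened_rejected": rejected}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened handler deliberately refuses traversal-shaped names instead of reducing them to a basename: a rejected request is a signal worth logging, and silently saving `../../etc/cron.d/job` as `job` hides the attempt from the defender.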
### Exploitation in the Wild
Security researcher Caitlin Condon from **VulnCheck** has confirmed active exploitation of **CVE-2026-5027**. **VulnCheck** honeypots have detected attackers dropping test files on vulnerable **Langflow** instances.
Critically, **Langflow**'s default unauthenticated auto-login setting widens the attack surface: the vulnerable endpoint is reachable without credentials. Condon noted, "Because **Langflow** enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation."
**Censys** scans identified approximately 7,000 publicly exposed **Langflow** instances. That figure includes historical observations, so it is an upper bound rather than a count of currently vulnerable systems.
### Patch Information and Prior Vulnerabilities
While **Tenable**'s advisory did not specify a fix, **Snyk Security** reported on March 30, 2026, that the issue was patched in the `langflow-base` package version 0.8.3, and the **Langflow** application itself received a patch in version 1.9.0.
This exploitation follows a series of other **Langflow** vulnerabilities targeted earlier this year, including **CVE-2026-0770**, **CVE-2026-21445**, and **CVE-2026-33017**. Last year, the **U.S. Cybersecurity & Infrastructure Security Agency (CISA)** also warned about active exploitation of **CVE-2025-3248**, with **VulnCheck** still observing activity, including links to the Iranian threat group **MuddyWater**.
### Recommendations
**Langflow** users are strongly urged to upgrade to the latest release, version 1.10.0, to mitigate the risk of exploitation. Given that the flaw is reachable without credentials under the default auto-login configuration, deployments should also avoid exposing **Langflow** directly to the internet and disable auto-login (the `LANGFLOW_AUTO_LOGIN` setting) so that the API requires authentication.