CVE-2026-33309

CVE-2026-33309 is a critical vulnerability in Langflow, an open-source tool for building and deploying AI-powered agents and workflows. It represents a bypass of the patch for the prior CVE-2025-68478 (External Control of File Name) in versions 1.2.0 through 1.8.1. The root issue stems from the `LocalStorageService` component, which lacks boundary containment checks in its underlying storage layer and over-relies on the HTTP-layer `ValidatedFileName` dependency for defense-in-depth. This exposes the `POST /api/v2/files/` endpoint to arbitrary file write attacks, as multipart upload filenames can bypass path-parameter guards. Successful exploitation enables attackers to write files to arbitrary locations on the host system, culminating in remote code execution (RCE). The vulnerability is associated with CWEs-22 (Path Traversal), CWE-73 (External Control of File Name or Path), CWE-94 (Code Injection), and CWE-284 (Improper Access Control), with a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Authenticated attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting malicious multipart uploads to the vulnerable endpoint, they bypass filename validation and achieve arbitrary file writes anywhere on the host filesystem. This primitive directly leads to RCE, as attackers can overwrite critical files or deploy malicious executables, potentially granting full system compromise given the changed scope (S:C) and high impacts across confidentiality, integrity, and availability.

The official advisory at https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c details the patch in version 1.9.0, which addresses the bypass by implementing an updated fix for the `LocalStorageService` architectural flaws. Security practitioners should upgrade to Langflow 1.9.0 or later, restrict access to the `/api/v2/files/` endpoint, and audit file upload handling in custom deployments.