Cyber Resilience

CVE-2026-6596

Medium

Published: 20 April 2026

Modified: 22 April 2026
KEV Added:
Patch:
CVSS Score v4: 6.9
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0028 (20.1th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-6596 is a medium-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 20.1th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-6596 is a vulnerability enabling unrestricted file upload in langflow-ai/langflow versions up to 1.1.0. The issue resides in the create_upload_file function located in src/backend/base/Langflow/api/v1/endpoints.py within the API Endpoint component.

The flaw is remotely exploitable without authentication or user interaction and with low attack complexity, as reflected in the CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation allows arbitrary files to be uploaded, with low impact on confidentiality, integrity, and availability. The associated weaknesses are CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).

VulDB advisories indicate the vendor was contacted early for disclosure but provided no response, with no patches or official mitigations available. A public exploit is hosted on GitHub Gist and may be used in attacks.

Because Langflow is an AI workflow tool, the flaw is relevant to AI/ML deployments, and the public exploit raises the risk of real-world abuse against exposed instances.

Vulnerability details

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AI Security Analysis AI

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, langflow

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

Why these techniques?

An unrestricted file upload in a public-facing API enables remote exploitation of the application (T1190) and the direct upload of arbitrary files, including web shells (T1505.003) or other tools (T1105).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2550: Shared CWE-284, CWE-434
CVE-2026-2133: Shared CWE-284, CWE-434
CVE-2025-1834: Shared CWE-284, CWE-434
CVE-2025-7755: Shared CWE-284, CWE-434
CVE-2025-8344: Shared CWE-284, CWE-434
CVE-2025-7880: Shared CWE-284, CWE-434
CVE-2025-15423: Shared CWE-284, CWE-434
CVE-2026-41269: Shared CWE-434
CVE-2026-3797: Shared CWE-284, CWE-434
CVE-2026-5573: Shared CWE-284, CWE-434

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on the API endpoint to prevent unauthorized unrestricted file uploads exploiting improper access control (CWE-284).

prevent

Validates inputs to the create_upload_file function to block unrestricted uploads of dangerous file types (CWE-434).

prevent, detect

Requires timely identification, reporting, and remediation of the specific flaw in langflow's API endpoint, including monitoring for patches despite vendor non-response.
