Langflow Alert: Path Traversal Flaw in Knowledge Bases API Risks Total Data Wipeout
Ddos 
Langflow, the popular visual framework for building and deploying AI-powered agents , has patched a critical security vulnerability that could have allowed authenticated users to delete virtually any directory on a server’s filesystem.
The flaw, tracked as CVE-2026-42048, carries a CVSS score of 9.6. It highlights a dangerous gap in how the platform handled “bulk” operations compared to its standard, more secure workflows.
While Langflow generally uses safe path resolution for its Knowledge Bases API, researchers discovered a significant oversight in the delete_knowledge_bases_bulk function. Unlike other endpoints that route through standard sanitization, the bulk delete handler was found to bypass these protections entirely.
The technical breakdown reveals a classic oversight.The function takes user-supplied knowledge base names (kb_names) and concatenates them directly into file paths. The application failed to validate whether the resulting path remained within the user’s intended directory. The constructed path was passed directly to shutil.rmtree(), a powerful Python command that recursively deletes entire directory trees.
An authenticated attacker could exploit this by supplying a simple path traversal sequence in the kb_names parameter. For example, using a payload like ../victim_user/kb_name would allow an attacker to reach outside their own storage space and delete folders belonging to other users or the system itself.
The impact of this vulnerability is severe for any Langflow instance hosting multiple users or critical data:
- Cross-User Compromise: Attackers could delete the knowledge base assets of other tenants.
- Arbitrary Filesystem Manipulation: Any directory where the application has write permissions is at risk.
- Service Disruption: The deletion of critical application files could lead to unrecoverable data loss and total service failure.
The Langflow team has moved quickly to close this gap. The fix involves normalizing paths using Path.resolve() and implementing robust containment checks. Developers also introduced Path.is_relative_to() to ensure that no deletion occurs outside the authenticated user’s designated directory.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
