- CVE: CVE-2026-55450
- CVSS: 9.3 (Critical)
- Product: langflow (pip)
- Affected: < 1.9.1
- Impact: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- Status: No confirmed exploitation yet
- Patched in: 1.9.1
- Action: Update to 1.9.1 now
Unauthenticated upload exposes Langflow servers
A newly published Langflow file upload flaw lets anyone with network access push unlimited data to the server, with no login required. Tracked as CVE-2026-55450 and rated critical (CVSS 9.3), the bug affects every Langflow release before 1.9.1. Both the full technical details and a working proof-of-concept are now public.
Langflow is a popular open-source platform for building AI agents and workflows, with roughly 150,000 GitHub stars. That reach makes the issue worth immediate attention.
How the Langflow file upload flaw works
The problem lives in the deprecated POST /api/v1/upload/{flow_id} endpoint. Crucially, the route never checked credentials, and it never validated the flow_id either. As the advisory puts it, “Unauthenticated users can upload any amount of data to the server without any limitations.”
Therefore, an attacker can flood the disk until the host runs out of space. That, in turn, triggers a denial-of-service condition. Worse, the JSON response returns the file’s absolute path, which leaks the server’s cache directory layout.
A public PoC makes exploitation trivial
The advisory ships a one-line curl proof-of-concept that uploads a file and prints the leaked path. You can review the full write-up and PoC in the GitHub security advisory GHSA-x223-p2gf-v735, published by Langflow member AntonioABLima.
The issue maps to several weaknesses, including missing authentication (CWE-306) and uncontrolled resource consumption (CWE-400).
Patch available in 1.9.1
Maintainers fixed the Langflow file upload flaw in release 1.9.1 via PR #12831. The endpoint now requires an authenticated owner and enforces a maximum upload size. Administrators should therefore upgrade without delay.
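The controls the fix is described as adding to the upload route (an authenticated owner, a validated flow_id, an upload size cap, and a response that no longer reveals the absolute cache path) as an added illustration in plain Python, not Langflow's own code or the code from PR #12831. The 10 MiB cap, the `flows` ownership lookup on the user object and the function names are assumptions.

```python
import os
import uuid

# Assumed cap: the advisory says a maximum size is enforced but names no value.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024
CHUNK = 64 * 1024

class UploadRejected(Exception):
    """Carries the HTTP status the request should be answered with."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def parse_flow_id(raw):
    """Only a UUID is accepted, so flow_id can never smuggle path components."""
    try:
        return uuid.UUID(raw)
    except (TypeError, ValueError):
        raise UploadRejected(422, "flow_id must be a UUID")

def save_with_cap(stream, dest, limit):
    """Stream the body to dest; once it passes limit, drop the partial file."""
    written = 0
    with open(dest, "wb") as out:
        while chunk := stream.read(CHUNK):
            written += len(chunk)
            if written > limit:
                break
            out.write(chunk)
    if written > limit:
        os.remove(dest)  # no partial file is left behind to fill the disk
        raise UploadRejected(413, "upload exceeds size limit")
    return written

def handle_upload(user, flow_id, stream, cache_dir, limit=MAX_UPLOAD_BYTES):
    """Return (status, body): owner auth, validated id, size cap, no absolute path."""
    try:
        if user is None:
            raise UploadRejected(401, "authentication required")
        fid = parse_flow_id(flow_id)
        if str(fid) not in user.get("flows", ()):  # assumed ownership lookup
            raise UploadRejected(403, "not the flow owner")
        target_dir = os.path.join(cache_dir, str(fid))
        os.makedirs(target_dir, exist_ok=True)
        name = f"{uuid.uuid4().hex}.bin"
        size = save_with_cap(stream, os.path.join(target_dir, name), limit)
        return 200, {"flow_id": str(fid), "file_name": name, "size": size}
    except UploadRejected as err:
        return err.status, {"detail": str(err)}
```

The response body carries only a generated file name under the flow's own subdirectory, so the cache directory layout the advisory says was leaked stays server-side.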