Langflow is being actively exploited in the wild through CVE-2026-5027, a high-severity path traversal flaw that can let attackers write files to arbitrary locations and potentially achieve remote code execution. The issue affects publicly exposed Langflow instances, and exploitation activity adds to a series of recent attacks against Langflow vulnerabilities, including CVE-2025-34291 used by MuddyWater.
Key points
- CVE-2026-5027 in Langflow is an unpatched path traversal flaw with a CVSS score of 8.8.
- The vulnerable /api/v2/files endpoint fails to sanitize the filename parameter.
- An attacker can write files to arbitrary locations using path traversal sequences.
- VulnCheck says the flaw is being actively exploited in the wild.
- About 7,000 Langflow instances are publicly exposed, mostly in North America.
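
The bug class named in the key points (a client-supplied filename joined to a storage directory without sanitization), shown as an added example that is not Langflow's code and not from the original article: `naive_path` is the vulnerable pattern and `safe_path` a hardened form. All names here (`naive_path`, `safe_path`, `is_rejected`, `UnsafeFilename`) and the sample filenames are hypothetical.

```python
import tempfile
from pathlib import Path, PureWindowsPath


class UnsafeFilename(ValueError):
    """Client-supplied filename would escape the storage root."""


def naive_path(storage_root: Path, filename: str) -> Path:
    # Vulnerable pattern: the client's name is joined as-is, so "../"
    # segments or an absolute path move the write outside the root.
    return storage_root / filename


def safe_path(storage_root: Path, filename: str) -> Path:
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty name or NUL byte")
    # PureWindowsPath splits on both "/" and "\", so .name is the last
    # component whichever separator the client used.
    base = PureWindowsPath(filename).name
    if base != filename or base in ("", ".", ".."):
        raise UnsafeFilename(f"not a plain file name: {filename!r}")
    # Resolve symlinks and confirm the final target is still inside the root.
    root = storage_root.resolve()
    target = (root / base).resolve()
    if not target.is_relative_to(root):
        raise UnsafeFilename(f"escapes storage root: {filename!r}")
    return target


def is_rejected(storage_root: Path, filename: str) -> bool:
    # True when safe_path refuses the name.
    try:
        safe_path(storage_root, filename)
    except UnsafeFilename:
        return True
    return False


if __name__ == "__main__":
    root = Path(tempfile.mkdtemp()) / "uploads"  # constructed sample root
    root.mkdir()
    # Constructed sample filenames, not taken from observed traffic.
    for name in ["report.txt", "../../outside.txt", "..\\outside.txt", "/tmp/outside.txt"]:
        print(f"{name!r}: naive -> {naive_path(root, name).resolve()}, "
              f"rejected by safe_path: {is_rejected(root, name)}")
```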
Read More: https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html