SYS::ONLINE
Wasteland.
Briefs1238
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-8859 2026-07-17

CVE-2026-8859: Critical Path Traversal in IBM Langflow OSS Enables Arbitrary File Writes

"A critical (CVSS 9.9) path traversal flaw in IBM Langflow OSS lets an attacker who controls an external HTTP server write arbitrary files to locations accessible by the Langflow process."

A critical (CVSS 9.9) path traversal flaw in IBM Langflow OSS lets an attacker who controls an external HTTP server write arbitrary files to locations accessible by the Langflow process.

What Is It

CVE-2026-8859 is an improper input validation vulnerability (CWE-22, path traversal) in the APIRequest component of IBM Langflow OSS. When the "Save to File" feature is enabled, filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary directory path. An attacker controlling an external HTTP server can supply crafted filename values containing path traversal sequences (e.g., ../), enabling arbitrary file writes to locations accessible by the Langflow process.

Why It Matters

The vulnerability carries a CVSS 3.1 base score of 9.9 (CRITICAL), with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. It is network-exploitable with low attack complexity, requires only low privileges, and needs no user interaction. The scope is Changed, and confidentiality, integrity, and availability impacts are all rated High. Arbitrary file writes to attacker-chosen locations can lead to serious compromise of the affected system.

What's Vulnerable

IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected. Exploitation requires that the "Save to File" feature is enabled and that the target Langflow instance retrieves a response from an HTTP server under the attacker's control.

Patch Status

The NVD record lists the vulnerability status as "Received" and was published on 2026-07-17. IBM has issued a security advisory referenced in the sources below. This CVE does not appear in the supplied CISA KEV data, so there is no confirmed record of active exploitation in the provided source material. Consult the IBM advisory for remediation guidance.

Sources