IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process.
Advisories
No advisories yet.
Fixes
Solution
IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7278931 |
|
History
Fri, 17 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process. | |
| Title | Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing | |
| First Time appeared |
Ibm
Ibm langflow Oss |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm langflow Oss |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-17T19:21:41.231Z
Reserved: 2026-05-01T20:06:08.386Z
Link: CVE-2026-7667
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T21:30:17Z
Weaknesses