CVE-2026-42048 is a critical-severity path traversal vulnerability in langflow (pip), affecting versions <= 1.8.4. It is fixed in 1.9.0.
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledgebases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. Details The vulnerability exists in the deleteknowledgebasesbulk function within src/backend/base/langflow/api/v1/knowledgebases.py. This function constructs file paths directly from the user-supplied kbnames parameter. While other knowledge base endpoints safely route through standard path resolution (e.g., resolvekbpath()), the bulk delete handler bypasses this entirely. It builds the path manually and passes it directly to shutil.rmtree() without validating if the resulting path resolves outside the intended user directory. PoC (Proof of Concept) For the Bulk Delete endpoint, an authenticated attacker can supply a traversal sequence in the kbnames parameter: ../victimuser/kbname Because the path is passed directly to shutil.rmtree() without containment checks, this payload deletes directories outside the intended scope. Impact Any Langflow instance exposing this endpoint to authenticated users is vulnerable. This exposes the server to: Cross-user data compromise: Deletion of directories within another tenant's knowledge base space. Arbitrary filesystem manipulation: Directory deletion at any path on the server where the application has write permissions. Service disruption & Data Loss: Deletion of critical application files or unrecoverable data loss if backups are co-located on the same filesystem. Fixes The issue was addressed in PR #12243, which applies Path.resolve() to normalize the supplied path and validates that it starts with the authenticated user's directory before deletion. Subsequent updates (backported from PR #12337) introduced robust containment checks using Path.isrelativeto() to prevent prefix-ambiguity bugs. Acknowledgements Thanks to the security researchers who responsibly disclosed this vulnerability: @ddlxstudio @nekros1xx
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
CVE-2026-42048 has a CVSS score of 9.6 (Critical). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
A fixed version is available (1.9.0). Upgrading removes the vulnerable code path.
pip
langflow (<= 1.8.4)langflow → 1.9.0 (pip)Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether CVE-2026-42048 is reachable in your applications. Explore open-source security for your team.
See if CVE-2026-42048 is reachable in your applications. Get a demo
Upgrade langflow to 1.9.0 or later to resolve this vulnerability.
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
CVE-2026-42048 is a critical-severity path traversal vulnerability in langflow (pip), affecting versions <= 1.8.4. It is fixed in 1.9.0. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
CVE-2026-42048 has a CVSS score of 9.6 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
langflow (pip) versions <= 1.8.4 is affected.
Yes. CVE-2026-42048 is fixed in 1.9.0. Upgrade to this version or later.
Whether CVE-2026-42048 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
Upgrade langflow to 1.9.0 or later.