CVE-2026-55447 | Langflow is a tool for building and deploying AI-powered age… | CVSS 9.6 CRITICAL

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the vulnerability. This includes Docling (DoclingInlineComponent), Docling Serve, DoclingRemoteComponent), Read File (FileComponent), NVIDIA Retriever Extraction (NvidiaIngestComponent), Video File (VideoFileComponent), and Unstructured API (UnstructuredComponent). This vulnerability is fixed in 1.9.2.

Metadata

CVE ID: CVE-2026-55447
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-16 21:59 UTC
Published: 2026-06-23 16:21 UTC
Last updated: 2026-06-23 16:21 UTC
Primary CWE: CWE-61
CWE-61: UNIX Symbolic Link (Symlink) Following
Vendor / Product: langflow-ai / langflow
Sources: cve.org · NVD

Severity & Metrics

9.6 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
langflow-ai	langflow	—	< 1.9.2

Weakness (CWE)

CWE	Source	Description
CWE-200	cna	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-61	cna	CWE-61: UNIX Symbolic Link (Symlink) Following

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.6	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References (2)

https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75 https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75
https://github.com/langflow-ai/langflow/pull/12945 https://github.com/langflow-ai/langflow/pull/12945