Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Solution
IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7278931 |
|
History
Fri, 17 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process. | |
| Title | Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing | |
| First Time appeared |
Ibm
Ibm langflow Oss |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm langflow Oss |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-17T19:21:41.231Z
Reserved: 2026-05-01T20:06:08.386Z
Link: CVE-2026-7667
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T21:30:17Z
Weaknesses