Security Advisory

CVE-2025-68478

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 17:10:14

Last updated 2025-12-19 17:59:42

Assigner GitHub_M

State PUBLISHED

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request bodys `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.

← Browse all CVEs View on cve.org ↗