CVE-2026-33497
HIGH
GHSA-ph9w-r52h-28p7
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Tags
Description
### Summary In the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. ### Details src/backend/base/langflow/api/v1/files.py  storage local get_file, directly concatenate flow_id and file_name  ### PoC ```curl --path-as-is 'http://127.0.0.1:7860/api/v1/files/profile_pictures/../secret_key' ``` ```QNuonm***********``` ### Impact secret_key is used for jwt authentication. Attackers can forge authentication tokens and log into the system.
Analysis
Path traversal in Langflow's /profile_pictures endpoint allows unauthenticated remote attackers to read the application's secret_key through directory traversal in the folder_name parameter. Since the secret_key is used for JWT authentication, attackers can forge valid tokens to gain unauthorized system access. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Langflow and assess exposure scope; isolate affected instances from production if possible. Within 7 days: Implement network-level controls (WAF rules, IP restrictions) to block the vulnerable endpoint; rotate all JWT secrets and API keys; apply input validation at the application layer. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today