Arbitrary File Write Vulnerability in IBM Langflow Products
CVE-2026-7667
8.8HIGH
What is CVE-2026-7667?
IBM Langflow OSS versions from 1.0.0 to 1.10.0 are susceptible to an arbitrary file write vulnerability that allows authenticated attackers to create malicious flows. By manipulating the Content-Disposition header of responses, attackers can direct the system to write files to any path within the Langflow process's access. This exploitation could lead to unauthorized file modifications and compromises system integrity.
Affected Version(s)
Langflow OSS 1.0.0 <= 1.10.0