Langflow POST /api/v2/files Path Traversal Arbitrary File Write

Small standalone Python exploit repository for CVE-2026-5027 targeting Langflow <= 1.8.4. Repository contains three files: a README describing the vulnerability and usage, a single executable exploit script (exploit.py), and requirements.txt listing the requests dependency. The exploit is not part of a larger framework. The main capability is arbitrary file write via path traversal in Langflow's multipart upload handling at POST /api/v2/files. The script first obtains an access token either by calling /api/v1/auto_login (default unauthenticated path) or by authenticating to /api/v1/login with provided credentials. It then abuses the filename field in the multipart upload by prepending repeated ../ traversal segments to a chosen remote path, allowing writes outside the intended storage directory. Two operating modes are implemented: (1) proof-of-concept mode writes a timestamped marker file to /tmp/CVE-2026-5027-proof.txt to confirm traversal and arbitrary write; (2) exploitation mode overwrites /etc/crontab with a cron payload that runs /bin/bash and connects back to an attacker-supplied lhost:lport using bash's /dev/tcp feature, yielding root-level remote code execution if cron processes the file. The exploit reports the returned server-side path from the API response and prints a completion summary. Overall, this is a real exploit rather than a detector. It is operational and weaponized enough for direct use against exposed Langflow instances, but payload customization is limited to the supplied reverse-shell host and port.

Repository contains a small exploit set for alleged CVE-2026-5027 affecting Langflow. The main artifact is CVE-2026-5027.py, a standalone Python exploit that first attempts an unauthenticated/auto-login flow against /api/v2/login and /api/v2/auth, then abuses POST /api/v2/files by supplying a traversal filename in multipart upload data. It supports two modes: a safer proof mode that writes a marker file into /tmp, and an RCE mode that writes ../../../etc/crontab with a cron entry executing a bash reverse shell to an attacker-supplied host and port. The repository also includes CVE-2026-5027.yaml, a Nuclei template that targets the same /api/v2/files endpoint and attempts a proof write to ../../../tmp/CVE-2026-5027-nuclei-proof.txt, primarily for scanning/validation. README.md documents the vulnerability, usage, and expected outcomes. Overall, this is an operational web/network exploit for arbitrary file write leading to Linux RCE, with both exploitation and scanning components present.

Repository contains a working Python exploit and a Dockerized lab environment for CVE-2026-5027, a Langflow <= 1.8.4 path traversal/arbitrary file write vulnerability. The main exploit file, CVE-2026-5027.py, performs a two-stage attack: it first obtains a bearer token either from unauthenticated auto-login at /api/v1/auto_login or via credentials at /api/v1/login, then abuses POST /api/v2/files by supplying a multipart filename prefixed with repeated ../ traversal sequences to write attacker-controlled content outside the upload directory. The exploit supports two outcomes: a safe proof mode that writes /tmp/CVE-2026-5027-proof.txt, and an RCE mode that writes a cron file under /etc/cron.d containing a bash reverse shell to an attacker-supplied host and port. The payload path is randomized with timestamp and sanitized host components to avoid filename deduplication. Repository structure is small and purpose-built: one Python exploit, one README, and three lab-support files. The Dockerfile builds an Ubuntu-based vulnerable environment with langflow==1.8.4, cron, and inotify-tools, and enables LANGFLOW_AUTO_LOGIN=True on port 9013. docker-entrypoint.sh starts a watcher and cron before launching Langflow. watch-etc-cron-files.sh monitors /etc for files whose names begin with cron and executes them with /bin/sh, making exploitation in the lab immediate and deterministic. Overall, this is an operational exploit PoC for unauthenticated or weakly authenticated arbitrary file write leading to remote code execution in Langflow deployments, especially those with auto-login enabled and writable sensitive filesystem locations.

Small standalone exploit repository with 2 files: a README describing CVE-2026-5027 and a single Python exploit script, poc.py. The script targets Langflow <= 1.8.4 and abuses path traversal in the multipart filename sent to POST /api/v2/files, allowing arbitrary file write outside the intended upload directory. The exploit first attempts to obtain an access token either through unauthenticated auto-login at /api/v1/auto_login or via credentialed login at /api/v1/login. It then crafts a filename prefixed with repeated ../ sequences and uploads attacker-controlled content to an arbitrary server path. Two modes are implemented: a proof mode that writes /tmp/CVE-2026-5027-proof.txt, and an RCE mode that writes a cron file under /etc/cron.d/ containing a bash reverse shell to an attacker-supplied host and port. The code is operational rather than a simple detector because it performs the full exploitation chain and includes a working payload. The repository is not part of a larger exploit framework.