Langflow, a popular open-source platform for building AI agents and workflows, has a confirmed path traversal vulnerability in its Knowledge Bases API, assigned CVE-2026-42048.
signal brief
Langflow, a popular open-source platform for building AI agents and workflows, has a confirmed path traversal vulnerability in its Knowledge Bases API, assigned CVE-2026-42048. The advisory (OSV GHSA-9whx-c884-c68q) details that an attacker can exploit this flaw to traverse directories and potentially access sensitive files. While Langflow released versions 1.9.4 and 1.9.5 shortly after the advisory date (May 26 and May 29, 2026), it is unclear if these updates include a fix for the vulnerability. The weakness threatens developer trust in the platform and could slow adoption among teams handling sensitive data. The incident signals a security risk within the AI development tool ecosystem, potentially impacting downstream users who rely on Langflow for production workflows.