A newly discovered and actively exploited security vulnerability in the open-source AI development platform Langflow is putting thousands of publicly exposed systems at risk of remote compromise, according to cybersecurity researchers.
The flaw, tracked as CVE-2026-5027, allows attackers to execute unauthorized actions on vulnerable systems and is already being leveraged in real-world attacks.
Path traversal flaw enables file write and code execution
Security researchers report that the vulnerability in Langflow stems from improper input validation in the file upload functionality.
Specifically, the issue affects the POST /api/v2/files endpoint, where the application fails to sanitize the filename parameter. This allows attackers to use path traversal sequences (such as ../) to write files outside the intended directory.
Security firm Tenable, which originally disclosed the issue, noted that the flaw could enable arbitrary file writes on affected systems.
Unauthenticated access increases attack severity
Researchers warn that the impact is significantly worse due to Langflow’s default configuration, which allows unauthenticated auto-login.
According to analysts at VulnCheck, attackers do not need valid credentials to exploit the vulnerability. A single request can grant session access, which can then be used to trigger malicious file writes and potentially achieve remote code execution (RCE).
In some observed cases, attackers have already begun exploiting the flaw to drop test files on compromised systems, indicating active reconnaissance and early-stage exploitation.
Thousands of exposed AI platforms at risk
Internet scan data indicates that approximately 7,000 Langflow instances are publicly accessible online, with a large concentration in North America. Many of these systems are believed to be running default or insufficiently secured configurations.
Security analysts warn that this exposure significantly increases the attack surface, particularly for organizations using AI workflow tools in production environments.
Pattern of repeated exploitation against Langflow
This is not the first time the platform has been targeted. Researchers note a growing list of vulnerabilities affecting Langflow, including:
- CVE-2026-0770
- CVE-2026-33017
- CVE-2026-21445
- CVE-2025-34291 (previously linked to exploitation by the Iran-backed group MuddyWater)
Security experts say this pattern highlights increasing attacker interest in AI development infrastructure as a strategic target.
Growing focus on AI development tools
Analysts warn that attackers are increasingly shifting focus from traditional IT systems to AI application platforms and developer tooling.
These environments often contain sensitive data pipelines, API integrations, and cloud connectivity, making them attractive targets for espionage and system compromise.
VulnCheck researchers describe this trend as part of a broader evolution in cyber operations targeting the AI ecosystem rather than just end-user systems.
Urgent need for patching and exposure reduction
Security experts recommend immediate action for organizations using Langflow:
- Restrict public internet exposure of instances
- Disable unauthenticated access where possible
- Apply security patches as soon as they are available
- Monitor file upload endpoints for abnormal activity
With exploitation already underway, researchers warn that unpatched systems remain at high risk of compromise.
