Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
HighPublic exploit

Path Traversal in Langflow profile picture download endpoint

IdentifiersCVE-2026-33497CWE-22· Improper Limitation of a Pathname…

CVE-2026-33497 is a path traversal vulnerability in Langflow, affecting versions prior to 1.7.1. The flaw is in the download_profile_picture function used by the /profile_pictures/{folder_name}/{file_name} endpoint (also referenced as GET /api/v1/files/profile_pictures/{folder_name}/{file_name}). The folder_name and file_name path parameters are not strictly filtered, allowing directory traversal outside the intended profile picture storage location. As a result, an attacker can read files across directories that are accessible to the application process, including Langflow's secret_key.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows unauthenticated arbitrary file read with high confidentiality impact. The most significant disclosed consequence is exfiltration of Langflow's secret_key used for JWT signing. If that key is obtained, an attacker may be able to forge valid JWTs and bypass authentication, potentially including administrator-level access depending on deployment and authorization configuration.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict or disable external access to the /api/v1/files/profile_pictures/ endpoint using a reverse proxy, firewall, or equivalent network controls. Limit exposure of the Langflow instance to trusted users or internal networks only. Because the vulnerability may expose the JWT signing secret, rotate the secret_key if exposure cannot be ruled out.

Remediation

Patch, then assume compromise.

Upgrade Langflow to version 1.7.1 or later. According to the advisory, the patch introduces validated path parameter types, strips directory components using Path.name, and enforces path containment with Path.is_relative_to() in src/backend/base/langflow/api/v1/files.py. If compromise is suspected, rotate the secret_key after upgrading.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
LangflowLangflowapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-33497
NVD
nvd.nist.gov/vuln/detail/CVE-2026-33497
MITRE CWE · CWE-22
Improper Limitation of a Pathname to a…
Vendor Advisory
github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7