
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (Exter…

Published:

23 March 2026 at 23:00:00

Alert date:

24 March 2026 at 20:06:33

Source:

nvd.nist.gov


Web Technologies, Enterprise Applications

Langflow versions 1.2.0 through 1.8.1 contain a critical vulnerability that bypasses the previous patch for CVE-2025-68478. The flaw is in the LocalStorageService component, which lacks adequate boundary containment checks. By manipulating the filename of a multipart upload to the POST /api/v2/files/ endpoint, an authenticated attacker can write files anywhere on the host system, which leads to Remote Code Execution. The issue stems from a defense-in-depth failure: the system relies entirely on the HTTP-layer ValidatedFileName dependency. Version 1.9.0 provides an updated fix for this architectural security flaw.

Technical details

Mitigation steps:

Affected products:

Langflow

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
