python · langflow
Heads-up
Langflow Path Traversal in Knowledge Bases API
Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases).
What changed
The endpoint builds filesystem paths directly from user-supplied knowledge base names without proper sanitization, allowing authenticated attackers to create directories and write files anywhere on the server's filesystem.
Who it affects
Any Langflow instance exposing this endpoint to authenticated users.
What to do today
Apply the fix from PR #12337, which introduces the _validate_kb_path_containment() helper function to enforce strict path boundaries.
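As an added illustration (not Langflow's code, and not the body of PR #12337's _validate_kb_path_containment(), which is not reproduced here), the vulnerable join sits beside a containment check of the kind the fix describes; the root directory and the function names are assumptions.

```python
"""Illustrative path-containment check for user-supplied knowledge-base names.

Added example, not Langflow's code. The names and the assumed root directory
are placeholders; only the shape of the check mirrors what the advisory says.
"""
import os
from pathlib import Path


def unsafe_kb_path(kb_root: str, kb_name: str) -> str:
    """The vulnerable pattern: the user-controlled name goes straight into a path.

    os.path.join has two traps here: "../../etc" walks out of kb_root, and an
    absolute name such as "/etc" discards kb_root entirely. Whatever mkdir or
    write follows then lands wherever the server process may write.
    """
    return os.path.normpath(os.path.join(kb_root, kb_name))


def validate_kb_path_containment(kb_root: str, kb_name: str) -> str:
    """Return the directory for kb_name inside kb_root, or raise ValueError.

    Layer 1 rejects anything that is not a single plain path component.
    Layer 2 resolves both sides (following symlinks) and requires the target
    to be a direct child of the root. Comparing resolved Path objects avoids
    the classic startswith() bug where "/srv/kbs2" passes as inside "/srv/kbs".
    """
    if (not kb_name or kb_name in (".", "..")
            or "/" in kb_name or "\\" in kb_name or "\0" in kb_name):
        raise ValueError(f"invalid knowledge base name: {kb_name!r}")
    root = Path(kb_root).resolve()
    target = (root / kb_name).resolve()
    # A symlink planted as kb_name would move the resolved target elsewhere;
    # the parent check catches that as well as lexical traversal.
    if target.parent != root:
        raise ValueError(f"knowledge base name escapes root: {kb_name!r}")
    return str(target)


def kb_name_is_safe(kb_root: str, kb_name: str) -> bool:
    """Boolean wrapper around the validator, handy for tests and request filters."""
    try:
        validate_kb_path_containment(kb_root, kb_name)
        return True
    except ValueError:
        return False
```

Run on a POSIX host; the root need not exist, since Path.resolve() is non-strict by default.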