python · langflowHeads-up
Langflow Shareable Playground Arbitrary File Read Vulnerability
A security advisory for Langflow's Shareable Playground feature reveals an arbitrary file-read vulnerability.
What changed
A security advisory for Langflow's Shareable Playground feature reveals an arbitrary file-read vulnerability. Unauthenticated users can specify file paths in the `files` field of a public flow execution request, causing Langflow to read those files and feed them into the LLM as images.
Who it affects
All Langflow instances with the Shareable Playground feature enabled and public flows.
What to do today
Disable the Shareable Playground feature or restrict access to public flows until a patch is applied.
The trail
Collected→
Audited→
Written→
Published