python · langflow · Critical
Langflow: Symlink extraction vulnerability in BaseFileComponent allows arbitrary file read and RCE
A vulnerability in BaseFileComponent.
What changed
A vulnerability in BaseFileComponent._unpack_bundle allows symlink extraction from tar files, enabling arbitrary file read and potential RCE via JWT secret theft.
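The defensive counterpart to the bug described above, as an added example that is not Langflow's own code: every tar member is validated (symlink and hard-link entries, special files, and any path that resolves outside the destination are refused) before a single byte is written, so a bundle carrying a link to a secrets file is rejected whole. The destination path, the placeholder link target and the in-memory archive builder are constructed for the example.

```python
import io
import os
import tarfile


class UnsafeArchiveMember(ValueError):
    """A tar member that could alias or escape the extraction directory."""


def check_member(member: tarfile.TarInfo, dest: str) -> None:
    """Reject links, special files and path traversal before anything is written."""
    # A symlink member that is extracted and later read back through the file
    # component exposes whatever host file it points at, so links are refused.
    if member.issym() or member.islnk():
        raise UnsafeArchiveMember(f"link member not allowed: {member.name!r}")
    if not (member.isfile() or member.isdir()):
        raise UnsafeArchiveMember(f"special file not allowed: {member.name!r}")
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveMember(f"path escapes extraction dir: {member.name!r}")


def validate_archive(tar_bytes: bytes, dest: str) -> list:
    """Return every member name if all members are safe; raise otherwise (no disk writes)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:  # check the whole archive before extracting any of it
            check_member(m, dest)
    return [m.name for m in members]


def is_safe_archive(tar_bytes: bytes, dest: str) -> bool:
    try:
        validate_archive(tar_bytes, dest)
        return True
    except UnsafeArchiveMember:
        return False


def build_tar(entries: dict) -> bytes:
    """Constructed sample builder: bytes -> regular file, None -> symlink member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in entries.items():
            info = tarfile.TarInfo(name)
            if payload is None:
                info.type = tarfile.SYMTYPE
                info.linkname = "/outside/secret.env"  # constructed placeholder target
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()
```

Only after `validate_archive` accepts the whole bundle should it be handed to `tarfile.extractall`; on Python 3.12+ adding `filter="data"` to that call gives a second, independent layer of the same checks.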
Who it affects
Any Langflow deployment that uses BaseFileComponent-based components (Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, Unstructured API) to ingest user-controlled data.
What to do today
Upgrade to Langflow 1.9.2 or later immediately.