# [CRIT] [GHSA / CRITICAL] CVE-2026-55450: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

**Source:** GitHub Security Advisories
**Published:** 2026-06-17
**Article:** https://github.com/advisories/GHSA-x223-p2gf-v735

## Threat Profile

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

### Summary
Unauthenticated users can upload an unlimited amount of data to the server; no size limit is enforced. No prior knowledge is needed, only network access to Langflow.

This can lead to disk space exhaustion on the server.

In addition, the response reports the absolute path of the uploaded file to the attacker, an information leak that can assist in chaining other primitives.

Tested on commi…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2026-55450`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application
- **T1204.002** — User Execution: Malicious File
- **T1499.001** — Endpoint Denial of Service: OS Exhaustion Flood

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### Langflow CVE-2026-55450 unauthenticated upload endpoint hit

`UC_4_2` · phase: **exploit** · confidence: **High** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats `summariesonly` fillnull_value="-" count min(_time) as firstTime max(_time) as lastTime
    values(Web.url) as url values(Web.status) as status values(Web.http_user_agent) as ua
    sum(Web.bytes_in) as bytes_in dc(Web.src) as src_count
    from datamodel=Web.Web
    where Web.http_method=POST Web.url="*/api/v1/upload/*" Web.status=201
    by Web.src Web.dest Web.user
| `drop_dm_object_name(Web)`
| where isnull(user) OR user="-" OR user=""
| where bytes_in > 1048576 OR count > 20
```

**Defender KQL:**
```kql
// Langflow is typically not on Defender-monitored endpoints; web logs preferred. If Langflow runs on a Defender-enrolled Linux/Windows host, fall back to network egress to the listening port.
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where LocalPort == 7860
| where ActionType == "InboundConnectionAccepted"
| summarize Hits=count(), Bytes=sum(toint(coalesce(tostring(parse_json(AdditionalFields).bytes_in), "0"))) by DeviceName, RemoteIP, bin(Timestamp, 5m)
| where Hits > 20 or Bytes > 1048576
| order by Timestamp desc
```
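The UC_4_2 hunt above as stand-alone detection logic over exported web access logs, an added example that is not part of the original briefing or of Langflow: it assumes a JSON-lines access log with `time`, `src`, `method`, `url`, `status`, `user` and `bytes_in` fields (constructed sample lines are embedded) and applies the same filters and thresholds, which is useful where the Splunk Web data model is not populated.

```python
import json
import re
from collections import defaultdict

# Thresholds and filters mirror the UC_4_2 SPL hunt: accepted (201) POSTs to the upload
# route with no authenticated user, flagged at > 1 MiB uploaded or > 20 uploads per source.
BYTES_THRESHOLD = 1_048_576
COUNT_THRESHOLD = 20
UPLOAD_ROUTE = re.compile(r"/api/v1/upload/")

def is_unauthenticated(user):
    """Same test as the SPL hunt: a null, "-" or empty user field."""
    return user is None or user in ("-", "")

def flag_upload_abuse(log_lines):
    """Return {src: {"count", "bytes_in"}} for sources whose anonymous uploads cross a threshold."""
    per_src = defaultdict(lambda: {"count": 0, "bytes_in": 0})
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line should not abort the whole hunt
        if ev.get("method") != "POST" or ev.get("status") != 201:
            continue
        if not UPLOAD_ROUTE.search(ev.get("url", "")) or not is_unauthenticated(ev.get("user")):
            continue
        agg = per_src[ev.get("src", "unknown")]
        agg["count"] += 1
        agg["bytes_in"] += int(ev.get("bytes_in", 0))
    return {src: agg for src, agg in per_src.items()
            if agg["bytes_in"] > BYTES_THRESHOLD or agg["count"] > COUNT_THRESHOLD}

# Constructed sample access-log lines (JSON lines; an assumed format, not real Langflow output).
FLOW_ID = "00000000-0000-4000-8000-000000000001"  # placeholder flow id

def _event(time, src, user, bytes_in, method="POST", status=201):
    return json.dumps({"time": time, "src": src, "method": method, "status": status,
                       "url": f"/api/v1/upload/{FLOW_ID}", "user": user, "bytes_in": bytes_in})

SAMPLE_LOG = [
    _event("2026-06-17T10:00:01Z", "203.0.113.7", "-", 5242880),      # anonymous 5 MiB: bytes threshold
    _event("2026-06-17T10:00:02Z", "198.51.100.4", "alice", 9000000),  # authenticated: not flagged
    _event("2026-06-17T10:00:03Z", "192.0.2.9", "", 4096),             # anonymous, under both thresholds
    _event("2026-06-17T10:00:04Z", "192.0.2.9", "-", 0, "GET", 200),   # not an accepted upload
    "this line is not json",                                           # malformed: skipped
]
# 25 tiny anonymous uploads from one source: crosses the count threshold instead
SAMPLE_LOG += [_event(f"2026-06-17T10:{i:02d}:00Z", "192.0.2.55", "-", 1024) for i in range(25)]
```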

### Langflow cache directory rapid file growth (CVE-2026-55450 DoS)

`UC_4_3` · phase: **actions** · confidence: **Medium** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats `summariesonly` count values(Filesystem.file_path) as paths
    sum(Filesystem.file_size) as total_bytes dc(Filesystem.file_path) as distinct_files
    from datamodel=Endpoint.Filesystem
    where Filesystem.action=created
      (Filesystem.file_path="*/Library/Caches/langflow/*" OR Filesystem.file_path="*/.cache/langflow/*" OR Filesystem.file_path="*\\langflow\\Cache\\*")
      Filesystem.process_name IN ("python","python3","uvicorn","langflow","gunicorn")
    by Filesystem.dest Filesystem.process_name _time span=5m
| `drop_dm_object_name(Filesystem)`
| where distinct_files > 50 OR total_bytes > 524288000
```

**Defender KQL:**
```kql
DeviceFileEvents
| where Timestamp > ago(1d)
| where ActionType == "FileCreated"
| where FolderPath has_any ("/Library/Caches/langflow/", "/.cache/langflow/", @"\langflow\Cache\", @"\AppData\Local\langflow\")
| where InitiatingProcessFileName in~ ("python", "python3", "python.exe", "python3.exe", "uvicorn", "langflow", "langflow.exe", "gunicorn")
| extend FlowIdDir = extract(@"langflow[\\/]([0-9a-fA-F-]{36})", 1, FolderPath)
| where isnotempty(FlowIdDir)
| summarize FileCount=count(), TotalBytes=sum(FileSize), DistinctFlowIds=dcount(FlowIdDir), SampleFile=any(FileName) by DeviceName, InitiatingProcessFileName, bin(Timestamp, 5m)
| where FileCount > 50 or TotalBytes > 524288000 or DistinctFlowIds > 20
| order by Timestamp desc
```

### Article-specific behavioural hunt — [GHSA / CRITICAL] CVE-2026-55450: Langflow: Unauthenticated file upload leads to

`UC_4_1` · phase: **exploit** · confidence: **High**

**Splunk SPL (CIM):**
```spl
``` Article-specific bespoke detection — [GHSA / CRITICAL] CVE-2026-55450: Langflow: Unauthenticated file upload leads to ```
| tstats `summariesonly` count earliest(_time) AS firstTime latest(_time) AS lastTime
    from datamodel=Endpoint.Processes
    where (Processes.process_name IN ("endpoints.py"))
    by Processes.dest, Processes.user, Processes.process_name,
       Processes.process, Processes.parent_process_name, Processes.process_path
| `drop_dm_object_name(Processes)`
| `security_content_ctime(firstTime)`
| append [
| tstats `summariesonly` count
    from datamodel=Endpoint.Filesystem
    where Filesystem.action IN ("created","modified")
      AND (Filesystem.file_path="*/tmp/dummy.txt*" OR Filesystem.file_name IN ("endpoints.py"))
    by Filesystem.dest, Filesystem.user, Filesystem.process_name,
       Filesystem.file_path, Filesystem.file_name
| `drop_dm_object_name(Filesystem)`
]
```

**Defender KQL:**
```kql
// Article-specific bespoke detection — [GHSA / CRITICAL] CVE-2026-55450: Langflow: Unauthenticated file upload leads to
// Hunts the actual binaries / paths / commandline fragments named
// in the article instead of a generic technique-class template.
DeviceProcessEvents
| where Timestamp > ago(30d)
| where (FileName in~ ("endpoints.py"))
| project Timestamp, DeviceName, AccountName, FileName,
          FolderPath, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine
| order by Timestamp desc

// File-creation events for the named binaries / paths
DeviceFileEvents
| where Timestamp > ago(30d)
| where ActionType in ("FileCreated","FileModified")
| where (FolderPath has_any ("/tmp/dummy.txt") or FileName in~ ("endpoints.py"))
| project Timestamp, DeviceName, AccountName, FolderPath,
          FileName, ActionType, InitiatingProcessFileName,
          InitiatingProcessCommandLine
| order by Timestamp desc
```

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2026-55450`


## Why this matters

Severity classified as **CRIT** based on: CVE present, 4 use case(s) fired, 3 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.
