Path Traversal in Langflow-ai Langflow

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name para…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (15.8th percentile) — read the EPSS interpretation.