Langflow Path Traversal Vulnerability in Knowledge Bases API Allowing Arbitrary Directory Deletion

Vulnerability

A path traversal vulnerability has been identified in Langflow versions prior to 1.9.0, specifically within the Knowledge Bases API's bulk delete endpoint. This vulnerability arises because user-supplied knowledge base names are directly appended to file paths without adequate sanitization or boundary validation. An authenticated attacker could exploit this issue to delete arbitrary directories on the server's filesystem, resulting in data loss and potential service disruption.

Impact

Exploitation of this vulnerability allows for cross-user data compromise by deleting directories within another tenant's knowledge base space. It also enables arbitrary filesystem manipulation by deleting directories at any path on the server where the application has write permissions. This could lead to service disruption and data loss, especially if critical application files or backups are stored on the same filesystem.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the bulk delete endpoint of the Knowledge Bases API. The request must include a traversal sequence in the 'kb_names' parameter, such as '../victim_user/kb_name'. The absence of proper path validation allows this payload to delete directories outside the intended user scope.

Remediation

Upgrade to Langflow version 1.9.0 or later, which fixes this vulnerability.
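The boundary check described above, as an added example written for this page rather than Langflow's own code: the knowledge base root, user ids, helper names and the fixture directories are all assumed. It rejects traversal sequences before any path is built, then re-checks the resolved path so a symlinked knowledge base cannot redirect the delete either, and refuses the whole batch if a single name fails.

```python
import shutil
import tempfile
from pathlib import Path


class InvalidKnowledgeBaseName(ValueError):
    """Raised when a knowledge base name would escape the caller's KB directory."""


def resolve_kb_dir(kb_root: Path, user_id: str, kb_name: str) -> Path:
    """Map a user-supplied knowledge base name to its on-disk directory.

    Layer 1 rejects anything that is not a single plain path component.
    Layer 2 resolves the final path (following symlinks) and requires it to
    sit directly under the user's own root.
    """
    if not kb_name or kb_name in (".", "..") or any(c in kb_name for c in "/\\\x00"):
        raise InvalidKnowledgeBaseName(f"rejected knowledge base name: {kb_name!r}")
    user_root = (kb_root / user_id).resolve()
    candidate = (user_root / kb_name).resolve()
    if candidate.parent != user_root:
        raise InvalidKnowledgeBaseName(f"{kb_name!r} resolves outside the user's KB root")
    return candidate


def bulk_delete(kb_root: Path, user_id: str, kb_names: list[str]) -> list[str]:
    """Validate every name first, then delete; one bad name fails the whole batch."""
    targets = [resolve_kb_dir(kb_root, user_id, name) for name in kb_names]
    deleted = []
    for target in targets:
        if target.is_dir():
            shutil.rmtree(target)
            deleted.append(target.name)
    return deleted


def demo() -> dict:
    """Constructed fixture (assumed layout): two tenants, one KB each, in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for user, kb in (("alice", "docs"), ("victim_user", "kb_name")):
            (root / user / kb).mkdir(parents=True)
        deleted = bulk_delete(root, "alice", ["docs"])  # legitimate request
        try:
            bulk_delete(root, "alice", ["../victim_user/kb_name"])  # traversal name from the advisory
            blocked = False
        except InvalidKnowledgeBaseName:
            blocked = True
        return {"deleted": deleted, "traversal_blocked": blocked,
                "victim_intact": (root / "victim_user" / "kb_name").is_dir()}
```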

Added: May 12, 2026, 7:13 PM
Updated: May 12, 2026, 7:13 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 6.7
exploitability: 6.2
remediation: 7.7
relevance: 8.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.