CNNVD-202512-3797 Information

CNNVD ID

CNNVD-202512-3797

CVE-2025-68478

  • CNNVD Published: 2025-12-19

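Description (translated from Chinese)

Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow before 1.7.0 contain a security vulnerability caused by file paths not being restricted or normalized, which may lead to arbitrary file creation or overwriting.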

Description (English)

Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Langflow versions prior to 1.7.0 have a security vulnerability that stems from a failure to restrict or normalize file paths, which could allow arbitrary files to be created or overwritten.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Langflow

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4

https://access.redhat.com/security/cve/cve-2025-68478

Patch

https://github.com/langflow-ai/langflow/releases
