CVE-2026-7528: Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS
IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
HarborGuard Analysis
Synopsis
An uncontrolled resource consumption vulnerability in IBM Langflow OSS (versions 1.0.0 through 1.9.0) allows an authenticated remote attacker to exhaust disk space by uploading files without adequate size or rate limits, and may expose internal file-system paths in the process. The attacker must reach the service over the network and hold a low-privilege account, but no victim interaction is needed. Successful exploitation disrupts the Langflow service by filling available disk space, potentially taking the instance offline, and leaks partial path information. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
- Detection: Available
Detection of CVE-2026-7528 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that package IBM Langflow OSS. Any image carrying an affected version (1.0.0 through 1.9.0) is flagged automatically.
- Scoring and triage: Available
HarborGuard scores this issue at CVSS 7.1 (HIGH) and weights it against each environment's compliance policy to determine routing priority. Triage tickets are surfaced to the appropriate team inbox within each customer organization based on the image owner and configured escalation rules.
- Patched image: Pending upstream
Because no upstream fix version exists yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment IBM publishes a corrected release. In the interim, the CVE remains open and tracked in each affected customer's vulnerability queue.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Langflow service over the network; the CVSS vector specifies AV:N, meaning no local access or physical proximity is required.
- Authentication: Required
A valid low-privilege account is sufficient; the CVSS vector specifies PR:L, so anonymous access alone is not enough to trigger the upload endpoint.
- Victim interaction: Not required
No user action is needed on the target side; the attacker drives the entire exploit without any social-engineering step.
- Attack complexity: Low
Attack complexity is low (AC:L), meaning the exploit is reliable and requires no race conditions, special memory layout, or other variable environmental conditions.
Blast Radius
- Fills available disk space on the host running Langflow, causing the service to stop accepting new data or crash outright.
- Disrupts any co-located services or sidecar containers that share the same underlying storage volume.
- Exposes internal file-system path strings that can inform follow-on attacks targeting directory traversal or local file inclusion weaknesses.
- Confidentiality impact is partial (C:L): path disclosure is limited but provides an attacker with structural knowledge of the deployment.
How HarborGuard Handles This
Available on HarborGuard: images containing IBM Langflow OSS 1.0.0 through 1.9.0 are flagged automatically within minutes of CVE ingestion, with the finding scored at HIGH (CVSS 7.1) and routed according to each organization's compliance policy. Because IBM has not yet published a fix version, no patched-image rebuild is available at this time. HarborGuard re-checks the upstream advisory on every ingest cycle and will trigger a rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads the moment a fix version is released. In the interim, recommended compensating controls include restricting the file-upload endpoint behind a network policy that limits inbound access to trusted source CIDRs, applying ingress rate limiting or request-size caps at the load balancer or API gateway layer, and monitoring disk utilization on Langflow nodes with an alert threshold well below capacity to allow time for manual response.
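A reverse-proxy configuration implementing the first two compensating controls listed above (trusted-CIDR restriction on the upload route, a request-size cap, and a per-client rate limit), as an added example that is not part of the HarborGuard advisory or of the Langflow project; the Langflow upload path, backend port, hostname, certificate paths and CIDR are assumptions:

```nginx
# Added example, not from the advisory or Langflow: nginx reverse proxy in
# front of Langflow. Upload path, backend port, hostname and CIDR are assumed.
http {
    # Shared-memory zone keyed by client IP; allows 2 upload requests per minute.
    limit_req_zone $binary_remote_addr zone=lf_upload:10m rate=2r/m;

    server {
        listen 443 ssl;
        server_name langflow.example.internal;          # placeholder hostname
        ssl_certificate     /etc/nginx/tls/langflow.crt; # placeholder path
        ssl_certificate_key /etc/nginx/tls/langflow.key; # placeholder path

        # Weak setting: "0" disables the body-size check, so one client can
        # stream arbitrary volumes of data through the upload endpoint.
        # client_max_body_size 0;

        # Corrected: a tight host-wide default for every route.
        client_max_body_size 10m;

        location / {
            proxy_pass http://127.0.0.1:7860;           # assumed Langflow backend port
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Assumed upload route; confirm the exact path for your Langflow version.
        location /api/v1/files/ {
            # Only trusted source CIDRs may reach the upload endpoint at all.
            allow 10.20.0.0/16;                         # constructed trusted CIDR
            deny  all;

            # Per-request size cap, tighter than the host-wide default.
            client_max_body_size 5m;

            # Per-client rate limit; excess requests get 429 instead of queuing.
            limit_req zone=lf_upload burst=5 nodelay;
            limit_req_status 429;

            proxy_pass http://127.0.0.1:7860;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

With this in place nginx rejects oversized bodies with 413 before they reach Langflow and answers rate-limited clients with 429, so neither case consumes backend disk. The third control, a disk-utilization alert on the Langflow nodes, is configured in the monitoring stack rather than at the proxy.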
Metrics
- CVSS v3.1: 7.1
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
- IBM / Langflow OSS: ≤ 1.9.0
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H