A vulnerability was found in langflow-ai langflow up to 1.8.x . It has been declared as critical . The affected element is an unknown function of the file /api/v1/knowledge_bases of the component Knowledge Bases API . Executing a manipulation can lead to path traversal. This vulnerability is tracked as CVE-2026-42048 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.