CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5412 vulnerabilities reference this CWE, most recent first.
GHSA-WX3G-P9W5-PP6M
Vulnerability from github – Published: 2024-06-13 00:31 – Updated: 2024-06-13 00:31An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.
{
"affected": [],
"aliases": [
"CVE-2024-1963"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T23:15:49Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab\u0027s Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests.",
"id": "GHSA-wx3g-p9w5-pp6m",
"modified": "2024-06-13T00:31:23Z",
"published": "2024-06-13T00:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1963"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2376482"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-asana-integration-issue-mapping-when-webhook-is-called"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/443577"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WX6W-7QW9-7QJ5
Vulnerability from github – Published: 2025-09-29 18:33 – Updated: 2025-10-28 21:30AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within the current receive window, which violates RFC5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial-of-service attack.
{
"affected": [],
"aliases": [
"CVE-2025-56234"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-29T17:15:31Z",
"severity": "HIGH"
},
"details": "AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within the current receive window, which violates RFC5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial-of-service attack.",
"id": "GHSA-wx6w-7qw9-7qj5",
"modified": "2025-10-28T21:30:29Z",
"published": "2025-09-29T18:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56234"
},
{
"type": "WEB",
"url": "https://github.com/zq-star/TCP-Vuln-Report/blob/master/PLC/AT-NA2000/tcp-rst/at-na2000-tcp-rst.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WX77-P7QV-FM55
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.
{
"affected": [],
"aliases": [
"CVE-2017-14028"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-16T21:29:00Z",
"severity": "HIGH"
},
"details": "A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.",
"id": "GHSA-wx77-p7qv-fm55",
"modified": "2022-05-13T01:37:39Z",
"published": "2022-05-13T01:37:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14028"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WX77-RP39-C6VG
Vulnerability from github – Published: 2020-09-04 15:11 – Updated: 2022-03-24 22:10All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "markdown"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:55:21Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "All versions of `markdown` are vulnerable to Regular Expression Denial of Service (ReDoS). The `markdown.toHTML()` function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
"id": "GHSA-wx77-rp39-c6vg",
"modified": "2022-03-24T22:10:13Z",
"published": "2020-09-04T15:11:03Z",
"references": [
{
"type": "PACKAGE",
"url": "https://github.com/evilstreak/markdown-js"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1330"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Regular Expression Denial of Service in markdown"
}
GHSA-WXMM-5QPH-24V9
Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-14 00:30A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
{
"affected": [],
"aliases": [
"CVE-2025-52293"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T19:17:31Z",
"severity": "HIGH"
},
"details": "A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.",
"id": "GHSA-wxmm-5qph-24v9",
"modified": "2026-06-14T00:30:27Z",
"published": "2026-06-09T21:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52293"
},
{
"type": "WEB",
"url": "https://infosec.exchange/@sigdevel/116710484148913883"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/13/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXQC-PXW9-G2P8
Vulnerability from github – Published: 2023-04-13 21:30 – Updated: 2024-06-10 18:30In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-expression"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-expression"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-expression"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.2.24.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-20863"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-17T17:19:53Z",
"nvd_published_at": "2023-04-13T20:15:00Z",
"severity": "HIGH"
},
"details": "In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.",
"id": "GHSA-wxqc-pxw9-g2p8",
"modified": "2024-06-10T18:30:45Z",
"published": "2023-04-13T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240524-0015"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2023-20863"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Spring Framework vulnerable to denial of service"
}
GHSA-WXQQ-GCQ8-C443
Vulnerability from github – Published: 2026-07-15 22:58 – Updated: 2026-07-15 22:58Impact
Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DD_TRACE_BAGGAGE_MAX_ITEMS (default 64) and DD_TRACE_BAGGAGE_MAX_BYTES (default 8192) limits were applied only to baggage injection, not extraction. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs (or a single very large value). The tracer allocates a hash-map entry for each pair on every request, causing unbounded CPU and memory consumption and enabling a remote Denial of Service against any HTTP service that has the baggage propagation style enabled. The baggage propagation style is enabled by default in most affected tracers, so any internet-facing service that has been instrumented with an affected tracer version is exposed unless the propagation style has been explicitly narrowed.
Patches
This is resolved in version 5.100.0 and later of the dd-trace-js library.
Workarounds
If users cannot upgrade immediately:
1. Disable baggage extraction by removing baggage from DD_TRACE_PROPAGATION_STYLE (or DD_TRACE_PROPAGATION_STYLE_EXTRACT if set independently).
2. Cap the maximum HTTP request header size at an upstream proxy or web server (for example, Apache LimitRequestFieldSize, Nginx large_client_header_buffers, Envoy max_request_headers_kb).
Resources
Related upstream advisories: opentelemetry-go GHSA-mh2q-q3fh-2475 opentelemetry-dotnet GHSA-g94r-2vxg-569j
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dd-trace"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.100.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50272"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-15T22:58:52Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nDatadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DD_TRACE_BAGGAGE_MAX_ITEMS (default 64) and DD_TRACE_BAGGAGE_MAX_BYTES (default 8192) limits were applied only to baggage injection, not extraction. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separated key-value pairs (or a single very large value). The tracer allocates a hash-map entry for each pair on every request, causing unbounded CPU and memory consumption and enabling a remote Denial of Service against any HTTP service that has the baggage propagation style enabled.\nThe baggage propagation style is enabled by default in most affected tracers, so any internet-facing service that has been instrumented with an affected tracer version is exposed unless the propagation style has been explicitly narrowed.\n\n### Patches\nThis is resolved in version 5.100.0 and later of the `dd-trace-js` library.\n\n### Workarounds\nIf users cannot upgrade immediately:\n1. Disable `baggage` extraction by removing `baggage` from `DD_TRACE_PROPAGATION_STYLE` (or `DD_TRACE_PROPAGATION_STYLE_EXTRACT` if set independently).\n2. Cap the maximum HTTP request header size at an upstream proxy or web server (for example, Apache `LimitRequestFieldSize`, Nginx `large_client_header_buffers`, Envoy `max_request_headers_kb`).\n\n\n### Resources\nRelated upstream advisories:\n[opentelemetry-go GHSA-mh2q-q3fh-2475](https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-mh2q-q3fh-2475)\n[opentelemetry-dotnet GHSA-g94r-2vxg-569j](https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-g94r-2vxg-569j)",
"id": "GHSA-wxqq-gcq8-c443",
"modified": "2026-07-15T22:58:52Z",
"published": "2026-07-15T22:58:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/DataDog/dd-trace-js/security/advisories/GHSA-wxqq-gcq8-c443"
},
{
"type": "PACKAGE",
"url": "https://github.com/DataDog/dd-trace-js"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS"
}
GHSA-WXRW-GVG8-FQJP
Vulnerability from github – Published: 2026-02-06 22:52 – Updated: 2026-02-09 22:39Summary
The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly create sessions and drive memory exhaustion.
Vulnerable Component
server/c2/dns.go:84-90(EnforceOTPstored but not enforced in bootstrap)server/c2/dns.go:378-390(TOTPrequests routed directly to bootstrap)server/c2/dns.go:490-521(handleHelloallocates session without OTP validation)server/c2/dns.go:495(sessions.Storewith no lifecycle control in this path)client/command/jobs/dns.go:46-52(operator-facingEnforceOTPcontrol implies auth gate)implant/sliver/transports/dnsclient/dnsclient.go:896-900(otpMsgsendsTOTPwithID=0)protobuf/dnspb/dns.proto:22(documents TOTP inIDfield)
Attack Vector
- Network-accessible DNS listener
- No authentication required
- Low-complexity repeated DNS query loop
- Trigger path:
DNSMessageType_TOTPbootstrap handling
Proof of Concept
Preconditions
- DNS listener is reachable
- DNS C2 job is active
Reproduction Steps
- Send repeated DNS queries with a minimal protobuf message of type
TOTP. - Observe repeated session allocation/issuance behavior.
- Continue requests to increase active in-memory session state.
Example
while true; do
dig +short @<DNS_C2_IP> baa8.<parent-domain> A >/dev/null
done
baa8 is a base32 payload for a minimal TOTP-type protobuf message.
Observable Indicators
- Repeated bootstrap/session-allocation log entries from
handleHello - Rising memory usage in the Sliver server process
- Service slowdown or instability under sustained request volume
Impact
- Unauthenticated remote denial of service (availability)
- Resource exhaustion through unbounded session growth in DNS bootstrap path
- Estimated CVSS v3.1:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H(7.5 High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.6.11"
},
"package": {
"ecosystem": "Go",
"name": "github.com/bishopfox/sliver"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25791"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-06T22:52:00Z",
"nvd_published_at": "2026-02-09T21:15:49Z",
"severity": "HIGH"
},
"details": "## Summary\nThe DNS C2 listener accepts unauthenticated `TOTP` bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when `EnforceOTP` is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly create sessions and drive memory exhaustion.\n\n## Vulnerable Component\n- `server/c2/dns.go:84-90` (`EnforceOTP` stored but not enforced in bootstrap)\n- `server/c2/dns.go:378-390` (`TOTP` requests routed directly to bootstrap)\n- `server/c2/dns.go:490-521` (`handleHello` allocates session without OTP validation)\n- `server/c2/dns.go:495` (`sessions.Store` with no lifecycle control in this path)\n- `client/command/jobs/dns.go:46-52` (operator-facing `EnforceOTP` control implies auth gate)\n- `implant/sliver/transports/dnsclient/dnsclient.go:896-900` (`otpMsg` sends `TOTP` with `ID=0`)\n- `protobuf/dnspb/dns.proto:22` (documents TOTP in `ID` field)\n\n## Attack Vector\n- Network-accessible DNS listener\n- No authentication required\n- Low-complexity repeated DNS query loop\n- Trigger path: `DNSMessageType_TOTP` bootstrap handling\n\n## Proof of Concept\n### Preconditions\n- DNS listener is reachable\n- DNS C2 job is active\n\n### Reproduction Steps\n1. Send repeated DNS queries with a minimal protobuf message of type `TOTP`.\n2. Observe repeated session allocation/issuance behavior.\n3. Continue requests to increase active in-memory session state.\n\n### Example\n```bash\nwhile true; do\n dig +short @\u003cDNS_C2_IP\u003e baa8.\u003cparent-domain\u003e A \u003e/dev/null\ndone\n```\n\n`baa8` is a base32 payload for a minimal TOTP-type protobuf message.\n\n### Observable Indicators\n- Repeated bootstrap/session-allocation log entries from `handleHello`\n- Rising memory usage in the Sliver server process\n- Service slowdown or instability under sustained request volume\n\n## Impact\n- Unauthenticated remote denial of service (availability)\n- Resource exhaustion through unbounded session growth in DNS bootstrap path\n- Estimated CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` (**7.5 High**)",
"id": "GHSA-wxrw-gvg8-fqjp",
"modified": "2026-02-09T22:39:50Z",
"published": "2026-02-06T22:52:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25791"
},
{
"type": "WEB",
"url": "https://github.com/BishopFox/sliver/commit/2b65089b27c553e79e69f1067cad1339e4f3d937"
},
{
"type": "PACKAGE",
"url": "https://github.com/BishopFox/sliver"
},
{
"type": "WEB",
"url": "https://github.com/BishopFox/sliver/releases/tag/v1.7.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service"
}
GHSA-X223-P2GF-V735
Vulnerability from github – Published: 2026-06-17 18:43 – Updated: 2026-06-17 18:43Summary
Unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow.
This can lead to space exhaustion on the server.
In adition, in the response, the absolute path of the uploaded file is reported to the attacker, which is an information leak that can assist in chaining other primitives.
Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe
Details
Code is in langflow/api/v1/[endpoints.py](http://endpoints.py/):
@router.post(
"/upload/{flow_id}",
status_code=HTTPStatus.CREATED,
deprecated=True,
)
async def create_upload_file(
file: UploadFile,
flow_id: UUID,
) -> UploadFileResponse:
...
As can be seen above, there is no authentication. There is not validation over flow_id as well, unlike other endpoints:
flow_id_str = str(flow_id)
file_path = await asyncio.to_thread(save_uploaded_file, file, folder_name=flow_id_str)
Function save_uploaded_file saves the file to local file-system.
Suggested fix:
1. Add authentication to route.
2. Only return relative path or filename.
PoC
PoC:
curl 'http://localhost:7860/api/v1/upload/<any_uuid>' -F "file=@<any_file>"
Example:
# curl 'http://localhost:7860/api/v1/upload/11111111-1111-1111-1111-111111111111' -F "file=@/tmp/dummy.txt"
{"flowId":"11111111-1111-1111-1111-111111111111","file_path":"/Users/ori/Library/Caches/langflow/11111111-1111-1111-1111-111111111111/9d63c3b5b7623d1fa3dc7fd1547313b9546c6d0fbbb6773a420613b7a17995c8.txt"}
Impact
- Space exhaustion on server that can lead to Denial-of-Service.
- Information leak - leakage of absolute path of langflow's cache directory in server.
Patches
Fixed in 1.9.1 via PR #12831. The deprecated POST /api/v1/upload/{flow_id} endpoint now uses the get_flow dependency, requiring an authenticated user and flow ownership (returns 404 for missing or cross-user flows), and enforces the max_file_size_upload limit (HTTP 413) — closing the unauthenticated upload and disk-exhaustion vectors. Upgrade to 1.9.1 or later.
Note: the response still returns the file's absolute path (file_path); after this fix it is only disclosed to the authenticated owner of the flow.
Ori Lahav Security Researcher @ Rubrik Inc.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-55450"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-306",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-17T18:43:12Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Summary\nUnauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow.\n\nThis can lead to space exhaustion on the server.\n\nIn adition, in the response, the absolute path of the uploaded file is reported to the attacker, which is an information leak that can assist in chaining other primitives.\n\nTested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe\n\n### Details\nCode is in `langflow/api/v1/[endpoints.py](http://endpoints.py/)`:\n```python\n@router.post(\n \"/upload/{flow_id}\",\n status_code=HTTPStatus.CREATED,\n deprecated=True,\n)\nasync def create_upload_file(\n file: UploadFile,\n flow_id: UUID,\n) -\u003e UploadFileResponse:\n...\n```\nAs can be seen above, there is no authentication. There is not validation over `flow_id` as well, unlike other endpoints:\n```\n flow_id_str = str(flow_id)\n file_path = await asyncio.to_thread(save_uploaded_file, file, folder_name=flow_id_str)\n```\nFunction `save_uploaded_file` saves the file to local file-system.\nSuggested fix:\n1. Add authentication to route.\n2. Only return relative path or filename.\n\n### PoC\nPoC:\n```bash\ncurl \u0027http://localhost:7860/api/v1/upload/\u003cany_uuid\u003e\u0027 -F \"file=@\u003cany_file\u003e\"\n```\n\nExample:\n```bash\n# curl \u0027http://localhost:7860/api/v1/upload/11111111-1111-1111-1111-111111111111\u0027 -F \"file=@/tmp/dummy.txt\"\n{\"flowId\":\"11111111-1111-1111-1111-111111111111\",\"file_path\":\"/Users/ori/Library/Caches/langflow/11111111-1111-1111-1111-111111111111/9d63c3b5b7623d1fa3dc7fd1547313b9546c6d0fbbb6773a420613b7a17995c8.txt\"}\n```\n\n### Impact\n1. Space exhaustion on server that can lead to Denial-of-Service.\n2. Information leak - leakage of absolute path of langflow\u0027s cache directory in server.\n\n\n\n\n\n### Patches\nFixed in **1.9.1** via PR [#12831](https://github.com/langflow-ai/langflow/pull/12831). The deprecated `POST /api/v1/upload/{flow_id}` endpoint now uses the `get_flow` dependency, requiring an authenticated user and flow ownership (returns `404` for missing or cross-user flows), and enforces the `max_file_size_upload` limit (`HTTP 413`) \u2014 closing the unauthenticated upload and disk-exhaustion vectors. Upgrade to **1.9.1 or later**.\n\nNote: the response still returns the file\u0027s absolute path (`file_path`); after this fix it is only disclosed to the authenticated owner of the flow.\n\n\nOri Lahav\nSecurity Researcher @ Rubrik Inc.",
"id": "GHSA-x223-p2gf-v735",
"modified": "2026-06-17T18:43:12Z",
"published": "2026-06-17T18:43:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-x223-p2gf-v735"
},
{
"type": "WEB",
"url": "https://github.com/langflow-ai/langflow/pull/12831"
},
{
"type": "PACKAGE",
"url": "https://github.com/langflow-ai/langflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak"
}
GHSA-X23C-287F-QQV5
Vulnerability from github – Published: 2026-06-09 06:31 – Updated: 2026-06-09 06:31Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
{
"affected": [],
"aliases": [
"CVE-2026-41842"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T05:16:36Z",
"severity": "HIGH"
},
"details": "Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.",
"id": "GHSA-x23c-287f-qqv5",
"modified": "2026-06-09T06:31:57Z",
"published": "2026-06-09T06:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41842"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-41842"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.