CVE-2026-5026 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, found in the langflow-ai langflow product, specifically version 0. The vulnerability arises from the '/api/v1/files/images/{flow_id}/{file_name}' endpoint, which serves SVG files with the MIME type 'image/svg+xml' without properly sanitizing the SVG content. SVG files can embed JavaScript, and because the application does not neutralize this input, an attacker can upload a crafted SVG containing malicious JavaScript code. When other users access or view these SVG images, the embedded script executes in their browsers within the context of the vulnerable application. This can lead to theft of sensitive information, notably authentication tokens stored in cookies, including JWT access and refresh tokens, enabling session hijacking or further attacks. The vulnerability requires no authentication to exploit but does require user interaction to trigger the malicious script execution. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, partial user interaction, and high impact on confidentiality. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the common use of SVG files and the sensitive nature of stolen tokens. The lack of patch links suggests a fix is not yet publicly available, emphasizing the need for immediate mitigation steps by users of langflow.

The primary impact of CVE-2026-5026 is the compromise of user confidentiality through theft of authentication tokens, including JWT access and refresh tokens. This can lead to unauthorized access to user accounts and sensitive data, enabling attackers to impersonate legitimate users and escalate privileges. The integrity of user sessions may also be affected if attackers manipulate session tokens. While availability is not directly impacted, the breach of authentication mechanisms can lead to broader security incidents, including data breaches and lateral movement within affected networks. Organizations relying on langflow for workflow or automation tasks may face operational disruptions if attackers leverage stolen tokens to manipulate workflows or exfiltrate data. The vulnerability's ease of exploitation (no authentication required) and the widespread use of SVG images increase the risk of exploitation, particularly in environments where multiple users can upload or view SVG content. The lack of current known exploits provides a window for proactive defense, but the potential impact remains high if exploited.

To mitigate CVE-2026-5026, organizations should implement strict input validation and sanitization on all SVG uploads, ensuring that any embedded scripts or potentially malicious content are removed or neutralized before serving the files. Employing a whitelist approach to allowed SVG elements and attributes can reduce risk. If possible, restrict or disable SVG uploads entirely unless absolutely necessary. Use Content Security Policy (CSP) headers to limit the execution of inline scripts and restrict sources of executable code in browsers. Monitor and audit file upload endpoints for unusual activity and implement rate limiting to reduce abuse. Ensure that authentication tokens are stored securely using HttpOnly and Secure cookie flags to prevent theft via JavaScript. Regularly update langflow to the latest versions once patches become available. Additionally, educate users about the risks of interacting with untrusted SVG content and encourage reporting of suspicious files. Consider isolating SVG rendering in sandboxed environments or using server-side rendering techniques to avoid direct client execution of SVG scripts.