Path-traversal vulnerability CVE-2026-5027 in Langflow is actively being exploited to inject arbitrary files on unprotected servers.