CVE-2025-34291 — Langflow Langflow | CVSS 9.4 CRITICAL

CRITICAL

CVSS 9.4 CRITICAL  ·  EPSS 9%  ·  Langflow Langflow

Severity Overview

Summary

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

Analyst Takeaway

The attack is launched over the network (remotely exploitable without physical access) and no authentication is required. This vulnerability is already in CISA KEV, which means exploitation has been confirmed in the wild — treat this as active risk, not theoretical exposure. The CVSS score places this in critical territory, so internet-facing systems and high-value assets should be prioritized for immediate remediation or compensating controls. In parallel with patching, defenders should review external exposure, hunt for signs of exploitation, and validate whether compensating controls are in place for vulnerable assets.

Detection Guidance

Recommended Actions

Immediate (0–24 Hours)

• Inventory: Identify all systems running Langflow Langflow. Include production, staging, dev, and cloud environments — untracked instances are the most likely to remain unpatched.
• Validate internet-facing exposure: Determine which of the affected systems are reachable from the public internet. Prioritize these for immediate remediation or compensating controls.
• Apply compensating controls now: For systems that cannot be patched immediately, implement temporary mitigations: restrict access via firewall rules or ACLs, add WAF rules if applicable, disable or isolate the vulnerable component if feasible without breaking critical operations.

Remediation

• Apply the vendor patch: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
• CISA directive deadline: 2026-06-04 — this is the mandatory deadline for US federal civilian agencies under BOD 22-01. All organizations should treat this date as a strong target regardless of federal mandate.
• Verify remediation: After patching, confirm the correct version is installed on all affected hosts. Run a vulnerability scan or use your asset management tooling to verify — do not rely solely on change tickets.

Detection Coverage

• Unauthenticated exploitation monitoring: Because this vulnerability requires no authentication, internet-facing scanning and exploitation attempts may begin within hours of public disclosure. Ensure alerting is in place before the end of the day.
• Threat intelligence feeds: Monitor your TI feeds and vendor advisory channels for published indicators of compromise (IOCs), proof-of-concept exploit releases, or active campaign reporting associated with this CVE — these should trigger an immediate hunt even if no internal alerts have fired.

Vulnerability Details

Additional Notes

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291