CVE-2025-34291 — Langflow Langflow: Langflow Origin Validation Error Vulnerability

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
CISA KEV vulnerabilitycvecisa-kevactively-exploited
CVE-2025-34291 — Langflow Langflow: Langflow Origin Validation Error Vulnerability

Image via

CVE-2025-34291 — Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the

https://github.com/langflow-ai/langflow

What This Means For You

  • CISA has confirmed active exploitation — immediate patching required.
  • Added to CISA KEV catalog — federal agencies must remediate by 2026-06-04.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1566.002 Phishing: Spearphishing Link Initial Access T1059.003 Command and Scripting Interpreter: Windows Command Shell Execution

Indicators of Compromise

IDTypeIndicator
CVE-2025-34291 RCE Langflow affected by overly permissive CORS configuration
CVE-2025-34291 Auth Bypass Langflow refresh token cookie configured as SameSite=None
CVE-2025-34291 Code Injection Langflow vulnerable to cross-origin requests including credentials to refresh endpoint
CVE-2025-34291 Misconfiguration Langflow origin validation error vulnerability

Written by SCW Vulnerability Desk

🔎
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot →
Source & Attribution
Source PlatformCISA
ChannelCISA KEV
Channel IDcisa-kev
Message ID202534291
PublishedMay 21, 2026 at 15:00 UTC
Original Linkhttps://github.com/langflow-ai/langflow

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-4843 — The GSheet For Woo Importer plugin for WordPress is

CVE-2026-4843 — The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the...

vulnerabilityCVEmedium-severitycwe-862
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

IINA CVE-2026-47114: macOS Command Execution via Malicious URL

CVE-2026-47114 — IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters...

vulnerabilityCVEhigh-severitycwe-88
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 4 IOCs /⚙ 3 Sigma
Featured

Daily Security Digest — 2026-05-21

48 vulnerability disclosures (6 Critical, 42 High) and 20 curated intelligence stories from 7 sources.

daily-digestvulnerabilityCVEcriticalhigh-severitybuffer-overflowcwe-122sql-injectioncwe-89cwe-121
/SCW Daily Digest /CRITICAL