CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog

 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation and urging organizations to remediate immediately.

The flaw affects Langflow, a popular tool used for building and deploying AI-driven workflows. The issue stems from an origin validation error caused by an overly permissive Cross-Origin Resource Sharing (CORS) configuration.

When the refresh token cookie is also set with SameSite=None, the browser attaches that cookie to cross-site requests issued by script on an attacker-controlled page, and the permissive CORS policy then lets that script read the response. The result is an authenticated cross-origin request whose response, including any freshly issued tokens, is exposed to the attacker.

This weakness enables attackers to:

  • Send authenticated requests to the API from the victim's browser without the victim's knowledge.
  • Read the refresh token returned by the authentication endpoint.
  • Call backend authentication endpoints to mint new access tokens.
  • Potentially execute arbitrary code with the stolen session.
  • Achieve full system compromise.

Langflow Origin Validation Flaw

The vulnerability is categorized under CWE-346 (Origin Validation Error), highlighting improper validation of request origins.

In practical terms, an attacker only needs to lure a logged-in Langflow user to a malicious webpage. Script on that page issues a credentialed cross-origin request (for example, a fetch with credentials included) to the Langflow API. Because the refresh cookie is SameSite=None, the browser attaches it; because the server reflects the attacker's origin in its CORS headers while allowing credentials, the browser hands the response back to the attacker's script.

This lets the attacker silently interact with Langflow's API, in particular the token refresh endpoint, without the user noticing anything.

Once refresh tokens are obtained, attackers can:

  • Generate new access tokens.
  • Maintain persistent access.
  • Interact with authenticated endpoints.
  • Escalate privileges within the system.

This type of attack is especially dangerous in environments where Langflow is integrated with AI pipelines, APIs, or cloud-based services.

CISA added CVE-2025-34291 to its KEV catalog on May 21, 2026, confirming that the vulnerability poses a significant threat to federal and enterprise systems.

Federal Civilian Executive Branch (FCEB) agencies are required to remediate the vulnerability by the due date under Binding Operational Directive (BOD) 22-01.

CISA strongly advises organizations to take immediate action:

  • Apply vendor-provided patches or updates without delay.
  • Restrict CORS to an explicit allowlist of trusted origins; never reflect the request Origin or use a wildcard while Access-Control-Allow-Credentials is true.
  • Set authentication cookies to SameSite=Lax or Strict; use SameSite=None only where a genuine cross-site flow requires it, and always together with the Secure attribute.
  • Implement additional protections such as CSRF tokens and strict server-side origin validation.
  • Monitor logs for refresh or login requests carrying unexpected Origin headers and for token abuse.
  • Discontinue use of Langflow if mitigations are not available.
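The monitoring item above can be turned into a concrete check. The following is an added example written for this article, not a Langflow feature: it scans access-log lines for successful calls to the token refresh endpoint whose Origin header is not one of the trusted front-end origins. A browser always sends an Origin header on a cross-origin request, so the attack described here leaves that trace; non-browser clients typically send none and are not flagged. The log format, the refresh path and the origins are constructed for the example and would need adapting to the real log source.

```python
"""Added detection example: flag refresh-endpoint requests whose Origin is not
a trusted front-end origin.  The log format, path and origins below are
constructed for this example and are not Langflow's native log format."""
import re
from collections import Counter

TRUSTED_ORIGINS = {"https://langflow.internal.example"}  # assumed deployment
REFRESH_PATH = "/api/v1/refresh"                          # assumed path

# Constructed format: <timestamp> <client ip> <method> <path> <status> origin=<Origin or ->
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) origin=(?P<origin>\S+)$"
)

SAMPLE_LOG = """\
2026-05-21T10:00:01Z 203.0.113.7 POST /api/v1/refresh 200 origin=https://langflow.internal.example
2026-05-21T10:00:04Z 203.0.113.7 GET /api/v1/flows/ 200 origin=https://langflow.internal.example
2026-05-21T10:01:12Z 203.0.113.7 POST /api/v1/refresh 200 origin=https://evil.example
2026-05-21T10:01:13Z 203.0.113.7 POST /api/v1/refresh 200 origin=https://evil.example
2026-05-21T10:02:40Z 198.51.100.9 POST /api/v1/refresh 401 origin=https://evil.example
2026-05-21T10:03:00Z 198.51.100.9 POST /api/v1/refresh 200 origin=-
"""


def parse(line: str):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def suspicious_refreshes(log_text, trusted=TRUSTED_ORIGINS,
                         refresh_path=REFRESH_PATH, include_failed=False):
    """Return refresh calls that carried an untrusted Origin header.

    A missing Origin ('-') is not flagged: SDKs and curl send none, while a
    browser performing the cross-origin attack always includes one.  By default
    only successful (2xx) calls are returned; include_failed=True also returns
    rejected attempts, which still indicate someone probing the endpoint."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["path"] != refresh_path:
            continue
        origin = rec["origin"]
        if origin == "-" or origin in trusted:
            continue
        if include_failed or 200 <= rec["status"] < 300:
            hits.append(rec)
    return hits


def summarize(hits):
    """Count suspicious refreshes per (victim client IP, foreign origin) pair,
    which is the unit an analyst would pivot on: the IP is the victim's browser,
    the origin is the page that drove it."""
    return Counter((h["ip"], h["origin"]) for h in hits)


if __name__ == "__main__":
    hits = suspicious_refreshes(SAMPLE_LOG)
    for (ip, origin), n in summarize(hits).items():
        print(f"{ip} refreshed {n}x from untrusted origin {origin}")
```

The summary groups by client IP and foreign origin rather than by token, because the stolen token will later be used from the attacker's own address: the browser-side refresh is the only point where the victim's IP and the malicious page appear in the same record.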

Organizations using Langflow in production environments, especially those handling sensitive data or AI workflows, should prioritize this vulnerability given its potential to compromise the entire system.

The inclusion of this flaw in the KEV catalog underscores the growing risk of misconfigured web security controls in modern applications.

As AI platforms like Langflow become more widely adopted, attackers are increasingly targeting weaknesses in authentication flows and API security.

Security teams should treat CVE-2025-34291 as a high-priority issue and implement rapid mitigations to prevent unauthorized access and potential breaches.

The post CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.
