
CISA adds Langflow Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild.

The flaw, tracked as CVE-2025-34291, stems from an origin validation error that could allow unauthenticated attackers to execute arbitrary code and achieve full system compromise.

CVE-2025-34291 affects Langflow, the open-source visual framework widely used to build AI-powered application workflows.

Langflow Vulnerability Added to the Known Exploited Vulnerabilities Catalog

The vulnerability is classified under CWE-346 (Origin Validation Error) and carries serious implications for organizations deploying Langflow in production environments.

The root cause lies in an overly permissive Cross-Origin Resource Sharing (CORS) configuration, combined with a refresh token cookie set to SameSite=None.

The exploitation path for CVE-2025-34291 follows a browser-based cross-origin attack model. A victim visiting a malicious webpage while simultaneously authenticated to a Langflow instance can have their session credentials silently forwarded to the attacker-controlled origin.

Once an attacker obtains valid tokens through this mechanism, they gain access to authenticated API endpoints within Langflow. From there, the attack chain rapidly escalates, enabling arbitrary code execution and a full system compromise.

Because the refresh cookie is configured with SameSite=None, browsers do not restrict cross-site transmission, bypassing a critical browser-level defense.

The attacker then calls the /refresh endpoint, obtains a valid access token, and leverages it to interact with privileged Langflow API routes.

The result is remote code execution (RCE) with the privileges of the running Langflow service, which in many deployments runs with elevated system access.

The technical simplicity of exploiting a misconfigured CORS policy makes this flaw particularly dangerous across exposed deployments.

Mitigations

CISA officially added CVE-2025-34291 to the KEV Catalog on May 21, 2026, establishing a federal remediation deadline of June 4, 2026, for all agencies operating under Binding Operational Directive (BOD) 22-01.

Security teams and administrators should take the following immediate actions:

  • Apply vendor patches as soon as they become available through official Langflow release channels
  • Restrict CORS configurations to explicitly trusted origins, eliminating wildcard or overly broad allowlists
  • Reconfigure session cookies to avoid SameSite=None unless strictly necessary; where it is required, pair it with the Secure attribute and proper origin checks
  • Follow BOD 22-01 guidance if operating cloud-hosted instances under federal compliance mandates
  • Discontinue use of vulnerable Langflow versions if no mitigations are immediately applicable
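The two conditions described above (a credentialed CORS response that accepts an untrusted origin, and a refresh cookie set with SameSite=None) can be checked from a captured response. The following audit is an added example by the editor, not Langflow's own code; the trusted origin, the cookie name `refresh_token`, and every header value are constructed, so substitute your own deployment's values.

```python
"""Editor-added audit example (not Langflow's own code): flags a credentialed
CORS response that accepts an untrusted origin and a refresh cookie set with
SameSite=None. Every header value and cookie name here is constructed."""
from typing import Dict, List, Set

def parse_set_cookie(value: str) -> Dict[str, str]:
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": val.strip()}
    for attr in parts[1:]:
        key, _, attr_val = attr.partition("=")
        cookie[key.strip().lower()] = attr_val.strip() or "true"  # flags like Secure
    return cookie

def audit_cors_response(headers: Dict[str, str], set_cookies: List[str],
                        trusted: Set[str], session_cookies: Set[str]) -> List[str]:
    """Return findings for one response; empty means neither condition was seen."""
    h = {k.lower(): v for k, v in headers.items()}
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if creds and acao == "*":
        findings.append("wildcard Allow-Origin combined with Allow-Credentials: true")
    elif creds and acao and acao not in trusted:
        findings.append(f"untrusted origin {acao} allowed with credentials")
    for raw in set_cookies:
        c = parse_set_cookie(raw)
        if c["name"] in session_cookies and c.get("samesite", "").lower() == "none":
            findings.append(f"{c['name']} uses SameSite=None; browsers send it cross-site")
    return findings

TRUSTED = {"https://langflow.internal.example"}  # constructed allowlist
SESSION_COOKIES = {"refresh_token"}               # constructed cookie name

def audit_weak_sample() -> List[str]:
    """Constructed response from a deployment that reflects any request Origin."""
    return audit_cors_response(
        {"Access-Control-Allow-Origin": "https://attacker.example",
         "Access-Control-Allow-Credentials": "true"},
        ["refresh_token=abc123; Path=/; HttpOnly; Secure; SameSite=None"],
        TRUSTED, SESSION_COOKIES)

def audit_hardened_sample() -> List[str]:
    """Same request after restricting the allowlist and dropping SameSite=None."""
    return audit_cors_response(
        {"Access-Control-Allow-Origin": "https://langflow.internal.example",
         "Access-Control-Allow-Credentials": "true"},
        ["refresh_token=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"],
        TRUSTED, SESSION_COOKIES)
```

The weak sample produces two findings and the hardened sample none; run it against the headers your own instance returns for a request carrying an Origin you do not trust.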

Federal agencies are bound by the June 4, 2026, deadline. Still, private-sector organizations running Langflow in AI development or production pipelines should treat this as a critical-priority patch, given the potential for RCE.


The post CISA adds Langflow Vulnerability to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.
