Critical CVE-2025-34291 in Langflow AI Agent Under Active Exploitation

Severity: High (Score: 78.0)

Sources: Integsec, Csa.Sg

Published: 2026-05-30 · Updated: 2026-05-30

Keywords: langflow, cve-2025-34291, critical, agent, account, takeover, remote

Severity indicators: critical, remote code execution, ot, CVE-2025-34291

Summary

CVE-2025-34291 is a critical vulnerability affecting Langflow, an open-source AI agent platform, allowing attackers to take over accounts and execute arbitrary code. Disclosed on December 5, 2025, this vulnerability has a CVSS v4.0 score of 9.4, indicating severe risk. It affects versions 1.6.9 and earlier, particularly impacting organizations handling sensitive data. Attackers exploit this vulnerability through an overly permissive CORS configuration combined with misconfigured authentication cookies. As of May 21, 2026, it has been added to CISA's Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations using Langflow are urged to update to the latest version immediately to mitigate risks.

Key Points:

  • CVE-2025-34291 allows account takeover and arbitrary code execution in Langflow.
  • The vulnerability affects Langflow versions 1.6.9 and earlier, posing a severe risk to organizations.
  • Active exploitation has been confirmed, with urgent updates recommended for affected users.

Detailed Analysis

**Impact**

Organizations using Langflow versions 1.6.9 and earlier are affected, particularly those in North America and regulated sectors such as healthcare, finance, and legal services. The vulnerability enables full account takeover and arbitrary code execution, risking exposure of sensitive customer data and proprietary AI workflows. A documented incident involved a northeastern U.S. bank suffering unauthorized loan approvals totaling $2.3 million, regulatory fines, and lawsuits. Compliance frameworks including SOC 2, HIPAA, and PCI DSS are impacted due to inadequate vulnerability management.

**Technical Details**

The exploited vulnerability, CVE-2025-34291, combines an overly permissive CORS configuration with improperly configured authentication cookies, enabling cross-origin credential theft. Attackers lure legitimate users to malicious websites to steal authentication tokens, gaining authenticated access to Langflow's code-execution endpoints. The CVE has a CVSS v4.0 score of 9.4 and was publicly disclosed in December 2025. Active exploitation is confirmed, with the vulnerability listed in CISA's Known Exploited Vulnerabilities catalog. No specific malware or IOCs were provided.

**Recommended Response**

Immediately update Langflow installations to a version later than 1.6.9 to remediate the vulnerability. Harden CORS policies and review authentication cookie configurations to prevent credential theft. Monitor for unusual authentication activity and unauthorized code execution within Langflow environments. Deploy network and endpoint detections for suspicious cross-origin requests and token misuse. No additional specific IOCs or detection signatures were provided.
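The two conditions the technical details describe (a CORS policy that reflects any origin while allowing credentials, and an authentication cookie that browsers will attach to cross-site requests) can be checked from a single response's headers. The audit below is an added example, not code from Langflow or either source article; the header sets, cookie name and probe origin are constructed, and it does not claim to match Langflow's actual cookie or header names.

```python
"""Audit CORS and Set-Cookie headers for the credentialed cross-origin
exposure pattern described in the advisory. Inputs are constructed."""
from http.cookies import SimpleCookie

# Origin sent on the probe request; if the server echoes it back together
# with Allow-Credentials, any site can make authenticated cross-origin calls.
PROBE_ORIGIN = "https://untrusted.example"  # constructed placeholder


def audit_cors(headers: dict, probe_origin: str) -> list:
    """Findings for a response to a request that carried Origin: probe_origin."""
    findings = []
    acao = headers.get("Access-Control-Allow-Origin", "")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if creds and acao == probe_origin:
        findings.append("CORS reflects arbitrary Origin with credentials allowed")
    elif creds and acao == "*":
        # Browsers refuse this pair, but it still signals a careless policy.
        findings.append("CORS wildcard origin with credentials flag set")
    return findings


def audit_cookie(set_cookie: str) -> list:
    """Findings for an auth cookie that could ride along on cross-site requests."""
    findings = []
    jar = SimpleCookie()
    jar.load(set_cookie)
    for name, morsel in jar.items():
        samesite = morsel["samesite"].lower()
        if samesite == "none":
            findings.append(f"{name}: SameSite=None sends cookie on cross-site fetches")
        elif samesite == "":
            findings.append(f"{name}: no SameSite attribute, relies on browser default")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
    return findings


def audit(headers: dict, probe_origin: str = PROBE_ORIGIN) -> list:
    return audit_cors(headers, probe_origin) + audit_cookie(headers.get("Set-Cookie", ""))


# Constructed header sets: the weak one reflects the probe origin.
WEAK = {"Access-Control-Allow-Origin": PROBE_ORIGIN,
        "Access-Control-Allow-Credentials": "true",
        "Set-Cookie": "session=abc123; Path=/; SameSite=None; Secure"}
HARDENED = {"Access-Control-Allow-Origin": "https://app.internal.example",
            "Access-Control-Allow-Credentials": "true",
            "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"}
```

Running `audit(WEAK)` yields three findings (reflected origin, SameSite=None, missing HttpOnly) while `audit(HARDENED)` yields none.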

Source articles (2)

  • Critical Vulnerability in Langflow — Csa.Sg · 2026-05-29
    A critical vulnerability in Langflow discovered in December 2025 is now under active exploitation. Users and administrators are advised to update to the latest version immediately. Langflow, a platfor…
  • CVE-2025-34291: Langflow AI Agent Account Takeover and Remote Code Execution — Integsec · 2026-05-30
    CVE-2025-34291: Langflow AI Agent Account Takeover and Remote Code Execution - What It Means for Your Business and How to Respond CVE-2025-34291 represents a critical security threat to organizations…

Timeline

  • 2025-10-23 — CVE-2025-34291 officially recorded: The vulnerability was assigned a CVE ID, marking the start of its tracking.
  • 2025-12-05 — CVE-2025-34291 disclosed: Langflow's critical vulnerability was publicly disclosed by Obsidian Security.
  • 2026-05-18 — First public PoC released: A proof-of-concept for CVE-2025-34291 was made publicly available, indicating potential exploitation methods.
  • 2026-05-21 — Added to CISA KEV catalog: CVE-2025-34291 was included in CISA's Known Exploited Vulnerabilities list, confirming active exploitation.
  • 2026-05-29 — Urgent update advisory issued: Users of Langflow were advised to update immediately due to active exploitation of the vulnerability.

CVEs

  • CVE-2025-34291

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Ransomware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • IntegSec (Company)
  • Obsidian Security (Company)
  • Langflow (Company)
  • Canada (Country)
  • United States (Country)
  • CWE-20 - Improper Input Validation (CWE)
  • CWE-918 - Server-Side Request Forgery (SSRF) (CWE)
  • Financial (Industry)
  • Healthcare (Industry)
  • Technology (Industry)
  • T1195 - Supply Chain Compromise (Mitre Attack)
  • T1486 - Data Encrypted for Impact (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
  • Docker (Tool)