Langflow is a organization tracked across 16 threat clusters and 28 intelligence report mentions on ThreatCluster. First observed March 3, 2026; most recent activity July 16, 2026.
CVE-2025-34291 is a critical vulnerability affecting Langflow, an open-source AI agent platform, allowing attackers to take over accounts and execute arbitrary code. Disclosed on December 5, 2025, this vulnerability has…
Russian state-aligned threat groups are increasingly exploiting Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), and supply chain vulnerabilities to gain initial access to networks across various sectors,…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
The Langflow vulnerability CVE-2026-33017 is being actively exploited to steal AWS keys and create a botnet known as 'KeyHunter.' This vulnerability allows for remote code execution on unpatched Langflow instances,…
A critical vulnerability in Langflow, tracked as CVE-2026-33017, allows unauthenticated remote code execution (RCE) via the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. This flaw was exploited within 20 hours…
On April 8, 2026, a critical pre-authenticated remote code execution vulnerability (CVE-2026-39987) was disclosed in Marimo, an open-source Python notebook platform. The flaw allows unauthenticated attackers to gain a…
Obsidian Security identified a critical one-click remote code execution (RCE) vulnerability in Flowise (CVE-2026-40933), affecting self-hosted deployments. The flaw allows attackers to execute arbitrary server-side code…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A report by OX Security has identified a critical vulnerability in the Model Context Protocol (MCP) developed by Anthropic, potentially exposing over 200,000 AI servers to remote code execution. The flaw lies in the…
A design flaw in Anthropic's Model Context Protocol (MCP) threatens approximately 200,000 servers with complete takeover, according to the Ox research team. Despite multiple requests for a patch, Anthropic maintains…