CVE-2025-34291 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-12-05

Added to CISA KEV: 2026-05-21 167 DAYS BETWEEN CVE AND KEV

URGENT: Immediately upgrade Langflow to version 1.7.0 or later which fixes the CORS misconfiguration and cookie handling issues
Review all Langflow access logs for suspicious cross-origin requests, especially to /refresh endpoints, since January 2026
Implement network-level restrictions to limit Langflow access to trusted networks if possible
Check for unauthorized code execution, file modifications, or system changes on Langflow servers
Reset all user sessions and require re-authentication after patching
Monitor for unusual API calls or workflow executions that could indicate compromise

CVE-2025-34291 is a critical Remote Code Execution (RCE) vulnerability identified in the LangFlow AI framework ^[1].

Active Exploitation: The vulnerability has been observed being exploited in the wild, with activity first detected on January 23, 2026 ^[1].
CISA KEV Status: As of May 2026, the vulnerability has not been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, though it was anticipated that such an inclusion would occur following the initial discovery of the campaign ^[1].
Targeted Attacks: While the vulnerability is being actively exploited, the exact scale and nature of the campaign remain difficult to confirm due to the specific mechanics of the exploit, which often involve redirecting traffic through user-initiated actions ^[1].

Root Cause: The vulnerability stems from a flaw in the Cross-Site Request Forgery (CSRF) protection mechanisms within the default configuration of LangFlow ^[1].
Exploitation Method: Threat actors leverage this CSRF weakness to execute unauthorized commands. Because the vulnerability relies on user interaction, the IP addresses observed during exploitation attempts often correspond to the victims who have been deceived by the attackers' ruse rather than the attackers' own infrastructure ^[1].
Internet-Facing Exposure: Given that LangFlow is an AI framework often deployed in accessible environments, applications or services using the default configuration are susceptible to these attacks if they are exposed to the internet ^[1].

CVE-2025-34291 Exploited in the Wild: LangFlow AI Framework...
Active exploitation of CVE-2025-34291 was observed starting on January 23rd, 2026. The vulnerability has not yet been added to CISA KEV, but we expect this to happen soon. CVE-2025-34291 originates from an issue in the cross-site request forgery protection of the LangFlow default configuration. As a…

🔴 CVE-2025-34291