Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
https://thehackernews.com/2026/07/iran-linked-hackers-use-new-cavern-c2.html
https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html
https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html
Published: 2025-12-05
Updated: 2026-05-21
Known Exploited Vulnerability (KEV)
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
Base Score: 9.4
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Severity: Critical
EPSS: 0.7889