AI description
CVE-2025-34291 is a chained vulnerability affecting Langflow versions up to and including 1.6.9, which can lead to account takeover and remote code execution (RCE). This flaw stems from an overly permissive Cross-Origin Resource Sharing (CORS) configuration, where `allow_origins='*'` is combined with `allow_credentials=True`. This misconfiguration, coupled with a refresh token cookie set to `SameSite=None`, allows a malicious webpage to make cross-origin requests that include user credentials. By successfully calling the refresh endpoint, an attacker can obtain valid access and refresh token pairs for a victim's session. These acquired tokens can then be used to access authenticated endpoints, including those designed for code execution, ultimately enabling the attacker to achieve remote code execution. The vulnerability also involves a lack of CSRF protection on the token refresh endpoint and a code validation endpoint that permits code execution by design. Active exploitation of this vulnerability has been observed.
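A defender-side check for the exposure described above, as an added example that is not from the advisory or the Langflow project: it audits a deployment's version string and one HTTP response captured after sending a request with an untrusted `Origin` header. The probe origin, the captured headers, the cookie name and the version number 1.7.0 are constructed assumptions; the page names no fixed release.

```python
import re

LAST_AFFECTED = (1, 6, 9)  # from the advisory: versions <= 1.6.9 are affected
# Constructed sample captures (not real traffic); the cookie name is a placeholder.
PROBE = "https://untrusted.example"
EXPOSED = [
    ("Access-Control-Allow-Origin", PROBE),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "refresh_token=REDACTED; HttpOnly; Secure; SameSite=None"),
]
HARDENED = [("Set-Cookie", "refresh_token=REDACTED; HttpOnly; Secure; SameSite=Lax")]


def parse_version(text):
    """Return the leading numeric release tuple, e.g. '1.6.9' -> (1, 6, 9)."""
    match = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def audit(version, probe_origin, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    lowered = [(k.lower(), v.strip()) for k, v in headers]
    acao = [v for k, v in lowered if k == "access-control-allow-origin"]
    acac = [v.lower() for k, v in lowered if k == "access-control-allow-credentials"]
    findings = []
    if parse_version(version) <= LAST_AFFECTED:
        findings.append("version in affected range (<= 1.6.9)")
    # Browsers reject a literal '*' on credentialed requests, so the exposed
    # state is an echoed untrusted origin (or '*') together with credentials.
    if "true" in acac and any(v in ("*", probe_origin) for v in acao):
        findings.append("CORS allows credentials for an untrusted origin")
    for k, v in lowered:
        if k != "set-cookie":
            continue
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if "samesite=none" in attrs:
            findings.append(f"cookie {v.split('=', 1)[0]} is SameSite=None")
    return findings


if __name__ == "__main__":
    print(audit("1.6.9", PROBE, EXPOSED))   # all three conditions present
    print(audit("1.7.0", PROBE, HARDENED))  # constructed later version, clean
```

An empty list means none of the three conditions from the description were observed in that response; it does not prove the other endpoints of the deployment are configured the same way.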
- Description
- Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- langflow
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-346
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
Another feature update today, focused on two new CVEs, now live on GitHub, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.
@CoyoteSecure
22 Feb 2026
4493 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
2 Quotes
🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild. 👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise. Explore the att
@Crowd_Security
26 Jan 2026
230 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-34291 - critical 🚨 Langflow AI <= 1.6.9 - CORS Misconfiguration > Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that... 👾 https://t.co/e1YPPdeZ52 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Jan 2026
210 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-34291: Critical Account Takeover and RCE Vulnerability in the Langflow AI Agent & Workflow Platform https://t.co/6BFy4NrXa9
@AISecHub
6 Dec 2025
207 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-34291 Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configu… https://t.co/iardPZwPYU
@CVEnew
5 Dec 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D74DC53-9772-4172-822E-3E29E5A4DDC9",
            "versionEndIncluding": "1.6.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]