
CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog

Cybersecurity News, May 22, 2026




By Abinaya, May 22, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation and urging organizations to remediate immediately. The flaw affects Langflow, a popular tool for building and deploying AI-driven workflows.

The issue stems from an origin validation error caused by an overly permissive Cross-Origin Resource Sharing (CORS) configuration. Combined with a refresh-token cookie set with SameSite=None, it allows a malicious website to make authenticated cross-origin requests from a victim's browser. This weakness enables attackers to:

- Send unauthorized requests from a victim's browser.
- Access sensitive refresh tokens.
- Call backend authentication endpoints.
- Potentially execute arbitrary code.
- Achieve full system compromise.

Langflow Origin Validation Flaw

The vulnerability is categorized under CWE-346 (Origin Validation Error), which covers improper validation of where a request comes from. In practical terms, an attacker only needs to lure a logged-in user to a malicious web page. The two misconfigurations then cover the two halves of the attack: because the cookie is marked SameSite=None, the victim's browser attaches the refresh-token cookie to the page's cross-site requests, so the server treats them as authenticated; and because the CORS policy accepts the attacker's origin with credentials, the browser also lets the malicious page read the responses. The attacker's page can therefore interact silently with Langflow's API, in particular the refresh endpoint, without the user noticing. Once refresh tokens are obtained, attackers can:

- Generate new access tokens.
- Maintain persistent access.
- Interact with authenticated endpoints.
- Escalate privileges within the system.

This type of attack is especially dangerous in environments where Langflow is integrated with AI pipelines, APIs, or cloud-based services.
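To make the two conditions concrete, the following Python is an added illustration (not Langflow's code, and not part of the CISA or vendor guidance) that models what a browser decides when a page on an attacker-controlled origin calls the refresh endpoint with `fetch(..., {credentials: "include"})`. The origin names, the cookie attribute values, and the `reflect_origin_on_wildcard` switch (some CORS middlewares echo the request's Origin header back when configured with a wildcard plus credentials, which is what makes a wildcard dangerous) are assumptions for the example. Python is used because Langflow itself is a Python application.

```python
"""Browser-side model of the CORS + SameSite=None interaction.

Added illustration, not Langflow's code. Origins and the
reflect_origin_on_wildcard switch are assumptions for the example.
"""
from dataclasses import dataclass

APP_ORIGIN = "https://langflow.internal.example"   # assumed deployment origin
ATTACKER_ORIGIN = "https://attacker.example"        # assumed malicious page origin


@dataclass
class ServerPolicy:
    allow_origins: list               # CORS allow-list; ["*"] is the wildcard
    allow_credentials: bool           # emits Access-Control-Allow-Credentials: true
    refresh_cookie_samesite: str      # SameSite attribute on the refresh-token cookie
    # Assumption: some CORS middlewares, when configured with "*" plus
    # credentials, echo the request's Origin header back instead of "*".
    reflect_origin_on_wildcard: bool = True


def cors_headers(policy, request_origin, request_has_cookie):
    """CORS response headers the server would add for a request from request_origin."""
    headers = {}
    if "*" in policy.allow_origins:
        if policy.allow_credentials and request_has_cookie and policy.reflect_origin_on_wildcard:
            headers["Access-Control-Allow-Origin"] = request_origin   # reflected per-origin
        else:
            headers["Access-Control-Allow-Origin"] = "*"
    elif request_origin in policy.allow_origins:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"
    if policy.allow_credentials and "Access-Control-Allow-Origin" in headers:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def cookie_attached(samesite, cross_site):
    """Whether the browser attaches the cookie to a fetch() issued by the page.

    Same-site requests always carry it. A cross-site fetch() is not a
    top-level navigation, so only SameSite=None (which also requires Secure,
    assumed set) lets it through; Lax and Strict both withhold the cookie.
    """
    return (not cross_site) or samesite.lower() == "none"


def response_readable(headers, request_origin):
    """CORS check the browser applies to a credentialed fetch() response.

    With credentials: 'include' the browser requires an exact-origin ACAO
    (a literal "*" is rejected) and Access-Control-Allow-Credentials: true.
    """
    acao = headers.get("Access-Control-Allow-Origin")
    return acao == request_origin and headers.get("Access-Control-Allow-Credentials") == "true"


def simulate_refresh(policy, page_origin, cross_site):
    """Model a page at page_origin calling the refresh endpoint with credentials: 'include'."""
    sent = cookie_attached(policy.refresh_cookie_samesite, cross_site)
    headers = cors_headers(policy, page_origin, sent)
    readable = response_readable(headers, page_origin)
    return {
        "cookie_attached": sent,             # server sees an authenticated refresh (CSRF half)
        "response_readable": readable,       # page can read the JSON body (CORS half)
        "tokens_exposed": sent and readable, # both halves are needed to steal tokens
    }


def weak_policy():
    # Wildcard CORS with credentials and a SameSite=None refresh cookie.
    return ServerPolicy(allow_origins=["*"], allow_credentials=True, refresh_cookie_samesite="None")


def hardened_policy():
    # Explicit allow-list, credentials only for that origin, Lax cookie.
    return ServerPolicy(allow_origins=[APP_ORIGIN], allow_credentials=True, refresh_cookie_samesite="Lax")


if __name__ == "__main__":
    for name, pol in (("weak", weak_policy()), ("hardened", hardened_policy())):
        print(name, "attacker page:", simulate_refresh(pol, ATTACKER_ORIGIN, cross_site=True))
        print(name, "real UI:      ", simulate_refresh(pol, APP_ORIGIN, cross_site=False))
```

Running it shows that the weak policy lets the attacker's page both authenticate the refresh call and read the tokens out of the response, while the hardened policy blocks the cross-site call entirely yet still serves the application's own front end. Flipping `reflect_origin_on_wildcard` off on the weak policy is instructive: the cookie is still attached, so the refresh still executes as a CSRF, but the page can no longer read the response.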
CISA added CVE-2025-34291 to its KEV catalog on May 21, 2026, confirming that the vulnerability poses a significant threat to federal and enterprise systems. Federal Civilian Executive Branch (FCEB) agencies are required to remediate it by the due date set under Binding Operational Directive (BOD) 22-01.

CISA strongly advises organizations to take immediate action:

- Apply vendor-provided patches or updates without delay.
- Review CORS configurations and restrict them to an explicit list of trusted origins; a wildcard origin must never be combined with credentialed requests.
- Avoid SameSite=None on sensitive authentication cookies unless it is genuinely required.
- Implement additional protections such as CSRF tokens and strict origin validation.
- Monitor logs for suspicious cross-origin requests and token abuse.
- Discontinue use of Langflow if mitigations are not available.

Organizations running Langflow in production, especially those handling sensitive data or AI workflows, should prioritize this vulnerability given its potential to compromise the entire system. Its inclusion in the KEV catalog underscores the growing risk of misconfigured web security controls in modern applications. As AI platforms like Langflow become more widely adopted, attackers are increasingly targeting weaknesses in authentication flows and API security. Security teams should treat CVE-2025-34291 as a high-priority issue and implement rapid mitigations to prevent unauthorized access and potential breaches.

Abinaya (Abi) is a Security Editor and reporter with Cyber Security News, covering cyber security incidents across the industry.
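The log-monitoring advice above can be turned into a concrete check. The following Python is an added example (not Langflow's code and not a CISA-supplied detection) that runs two rules over constructed reverse-proxy style JSON access-log lines: a refresh call whose Origin header is not on the trusted list, and a burst of successful refreshes from a single client, which is what token rotation driven from an attacker's page looks like. The refresh path `/api/v1/refresh`, the log field names, the trusted origin, the thresholds and the sample lines are all assumptions for the example; adapt them to the real endpoint and log format in use.

```python
"""Two detection rules for cross-origin refresh-token abuse.

Added example, not Langflow's code. Log format, endpoint path, trusted
origin, thresholds and the sample lines below are assumptions.
"""
import json
from collections import defaultdict

TRUSTED_ORIGINS = {"https://langflow.internal.example"}  # assumed front-end origin
REFRESH_PATH = "/api/v1/refresh"                           # assumed refresh endpoint path
BURST_WINDOW_S = 60                                        # seconds
BURST_THRESHOLD = 3                                        # successful refreshes per window

# Constructed sample log: one JSON object per line, as a reverse proxy might emit.
SAMPLE_LOG = """\
{"ts": 1000, "client": "10.0.0.5", "method": "POST", "path": "/api/v1/refresh", "status": 200, "origin": "https://langflow.internal.example"}
{"ts": 1005, "client": "10.0.0.5", "method": "GET", "path": "/api/v1/flows/", "status": 200, "origin": ""}
{"ts": 1010, "client": "10.0.0.9", "method": "POST", "path": "/api/v1/refresh", "status": 200, "origin": "https://attacker.example"}
{"ts": 1020, "client": "10.0.0.9", "method": "POST", "path": "/api/v1/refresh", "status": 200, "origin": "https://attacker.example"}
{"ts": 1030, "client": "10.0.0.9", "method": "POST", "path": "/api/v1/refresh", "status": 200, "origin": "https://attacker.example"}
{"ts": 1040, "client": "10.0.0.7", "method": "POST", "path": "/api/v1/refresh", "status": 401, "origin": "https://attacker.example"}
{"ts": 1500, "client": "10.0.0.9", "method": "POST", "path": "/api/v1/refresh", "status": 200, "origin": ""}
"""


def parse_log(text):
    """Parse newline-delimited JSON log entries, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(entries, trusted=TRUSTED_ORIGINS):
    """Return alerts for cross-origin refresh calls and refresh bursts.

    Rule 1 (cross_origin_refresh): a POST to the refresh endpoint carrying an
    Origin header outside the trusted set. Severity is high when the server
    answered 200 (the cookie was accepted), medium otherwise.
    Rule 2 (refresh_burst): BURST_THRESHOLD successful refreshes from one
    client inside BURST_WINDOW_S seconds; fires once when the threshold is hit.
    """
    alerts = []
    recent = defaultdict(list)  # client -> timestamps of successful refreshes in window
    for e in entries:
        if e.get("path") != REFRESH_PATH or e.get("method") != "POST":
            continue
        origin = e.get("origin") or ""
        if origin and origin not in trusted:
            alerts.append({
                "rule": "cross_origin_refresh",
                "severity": "high" if e["status"] == 200 else "medium",
                "client": e["client"],
                "origin": origin,
                "ts": e["ts"],
            })
        if e["status"] == 200:
            window = recent[e["client"]]
            window.append(e["ts"])
            window[:] = [t for t in window if e["ts"] - t <= BURST_WINDOW_S]
            if len(window) == BURST_THRESHOLD:
                alerts.append({
                    "rule": "refresh_burst",
                    "severity": "high",
                    "client": e["client"],
                    "count": len(window),
                    "ts": e["ts"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

A refresh request with no Origin header is not flagged by the first rule: browsers always send Origin on a cross-site POST, so a missing header indicates a non-browser client and is a different question from the one this flaw raises. The 401 line still produces a medium alert because a rejected cross-origin refresh is evidence that someone is probing the endpoint from a foreign page.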