CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
By Abinaya
May 22, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation and urging organizations to remediate immediately.
The flaw affects Langflow, a popular tool used for building and deploying AI-driven workflows. The issue stems from an origin validation error caused by an overly permissive Cross-Origin Resource Sharing (CORS) configuration.
When combined with a refresh token cookie configured as SameSite=None, the vulnerability allows malicious websites to perform authenticated cross-origin requests.
This weakness enables attackers to:
Send unauthorized requests from a victim’s browser.
Access sensitive refresh tokens.
Call backend authentication endpoints.
Potentially execute arbitrary code.
Achieve full system compromise.
Langflow Origin Validation Flaw
The vulnerability is categorized under CWE-346 (Origin Validation Error), highlighting improper validation of request origins.
In practical terms, an attacker can trick a user into visiting a malicious webpage. Because of the flawed CORS policy and cookie configuration, the victim’s browser automatically includes authentication credentials in cross-origin requests.
This allows the attacker to silently interact with Langflow’s API, particularly the refresh endpoint, without user awareness.
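The chain described above depends on two browser rules working together: a cookie only travels on a cross-site request when it is marked SameSite=None, and a page on another origin can only read a credentialed response when the server echoes that exact origin and sets Access-Control-Allow-Credentials. The following added example (not Langflow's code; the policies, cookie name and origins are constructed for illustration) models those rules and evaluates the weak configuration beside two corrected ones, showing which control breaks which step of the chain.

```python
"""Browser-side rules that turn a permissive CORS policy plus a SameSite=None
cookie into an authenticated cross-origin read.

Added example; the policies below are constructed to illustrate the weakness
the article describes and are not taken from Langflow's own configuration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CorsPolicy:
    # Origins the server will echo in Access-Control-Allow-Origin. The constructed
    # value "*" stands for a server that reflects whatever Origin it receives.
    allowed_origins: frozenset
    allow_credentials: bool  # Access-Control-Allow-Credentials: true


@dataclass(frozen=True)
class CookiePolicy:
    name: str
    same_site: str  # "Strict", "Lax" or "None"
    secure: bool


def origin_allowed(policy: CorsPolicy, origin: str) -> bool:
    return "*" in policy.allowed_origins or origin in policy.allowed_origins


def cookie_sent_cross_site(cookie: CookiePolicy, https: bool) -> bool:
    # A cookie rides along on a cross-site request only when SameSite=None;
    # browsers additionally drop SameSite=None cookies that are not Secure.
    return cookie.same_site == "None" and cookie.secure and https


def assess(policy: CorsPolicy, cookie: CookiePolicy, foreign_origin: str,
           https: bool = True) -> dict:
    """Return what a page on foreign_origin gets when it calls the API."""
    cookie_attached = cookie_sent_cross_site(cookie, https)
    # CORS does not stop the browser from sending the request; it only decides
    # whether the calling page may read the response. For a credentialed request
    # that requires the exact origin echoed back plus allow-credentials.
    response_readable = policy.allow_credentials and origin_allowed(policy, foreign_origin)
    return {
        "cookie_attached": cookie_attached,
        "response_readable": response_readable,
        # The chain the article describes: the refresh cookie is sent AND the
        # foreign page can read the tokens in the reply.
        "token_exposed": cookie_attached and response_readable,
    }


FOREIGN = "https://attacker.example"          # constructed attacker-controlled origin
OWN_UI = "https://langflow.example.internal"  # assumed origin of the deployment's own UI

# Reflects any origin with credentials, and the refresh cookie is SameSite=None.
WEAK = (CorsPolicy(frozenset({"*"}), allow_credentials=True),
        CookiePolicy("refresh_token", same_site="None", secure=True))

# Only CORS restricted: the cookie is still attached, but the reply is unreadable.
CORS_ONLY = (CorsPolicy(frozenset({OWN_UI}), allow_credentials=True),
             CookiePolicy("refresh_token", same_site="None", secure=True))

# Both controls corrected, as the mitigation list recommends.
HARDENED = (CorsPolicy(frozenset({OWN_UI}), allow_credentials=True),
            CookiePolicy("refresh_token", same_site="Lax", secure=True))


def assess_weak() -> dict:
    return assess(*WEAK, FOREIGN)


def assess_cors_only() -> dict:
    return assess(*CORS_ONLY, FOREIGN)


def assess_hardened() -> dict:
    return assess(*HARDENED, FOREIGN)


if __name__ == "__main__":
    for label, fn in (("weak", assess_weak), ("cors fixed only", assess_cors_only),
                      ("hardened", assess_hardened)):
        print(f"{label:16} {fn()}")
```

The middle case is the one worth noticing: restricting CORS to trusted origins stops a foreign page from reading the refreshed tokens, but as long as the cookie stays SameSite=None the browser still attaches it to the request, so state-changing endpoints remain exposed to classic CSRF. That is why the cookie attribute and the CSRF-token advice in the mitigation list are not redundant with the CORS fix.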
Once refresh tokens are obtained, attackers can:
Generate new access tokens.
Maintain persistent access.
Interact with authenticated endpoints.
Escalate privileges within the system.
This type of attack is especially dangerous in environments where Langflow is integrated with AI pipelines, APIs, or cloud-based services.
CISA added CVE-2025-34291 to its KEV catalog on May 21, 2026, confirming that the vulnerability poses a significant threat to federal and enterprise systems.
Federal Civilian Executive Branch (FCEB) agencies are required to remediate the vulnerability by the due date under Binding Operational Directive (BOD) 22-01.
CISA strongly advises organizations to take immediate action:
Apply vendor-provided patches or updates without delay.
Review and restrict CORS configurations to trusted origins only.
Avoid using SameSite=None for sensitive authentication cookies unless necessary.
Implement additional protections such as CSRF tokens and strict origin validation.
Monitor logs for suspicious cross-origin requests and token abuse.
Discontinue use of Langflow if mitigations are not available.
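For the log-monitoring item in that list, the signal to look for is a request to the refresh endpoint that carries a session cookie but arrives with an Origin header outside the set of origins your own UI is served from. The following added example (not Langflow's code) runs that rule over constructed JSON-per-line access log entries; the refresh endpoint path, the trusted origin and the log field names are assumptions to be adjusted to your deployment, and it presumes your reverse proxy or application log records the Origin header at all.

```python
"""Flag cross-origin, cookie-bearing calls to the token refresh endpoint.

Added example with constructed log lines; field names, the refresh path and
the trusted origin are assumptions, not Langflow's actual configuration."""
import json
from collections import Counter
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://langflow.example.internal"}  # assumption: your own UI origin(s)
REFRESH_PATH = "/api/v1/refresh"  # assumption: refresh endpoint path in your deployment

# Constructed access-log lines (JSON per line); not real Langflow output.
SAMPLE_LOG = """\
{"ts":"2026-05-21T10:00:01Z","ip":"10.0.0.5","method":"POST","path":"/api/v1/refresh","origin":"https://langflow.example.internal","cookie":true,"status":200}
{"ts":"2026-05-21T10:00:07Z","ip":"10.0.0.5","method":"GET","path":"/api/v1/flows/","origin":null,"cookie":true,"status":200}
{"ts":"2026-05-21T10:02:13Z","ip":"10.0.0.9","method":"POST","path":"/api/v1/refresh","origin":"https://evil.example","cookie":true,"status":200}
{"ts":"2026-05-21T10:02:14Z","ip":"10.0.0.9","method":"POST","path":"/api/v1/refresh","origin":"https://evil.example","cookie":true,"status":200}
{"ts":"2026-05-21T10:03:00Z","ip":"10.0.0.9","method":"OPTIONS","path":"/api/v1/refresh","origin":"https://evil.example","cookie":false,"status":200}
{"ts":"2026-05-21T10:04:00Z","ip":"10.0.0.12","method":"POST","path":"/api/v1/refresh","origin":"null","cookie":true,"status":401}
"""


def normalize_origin(origin: str) -> str:
    # Compare scheme://host[:port] only, case-insensitively.
    parts = urlsplit(origin)
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_trusted_origin(origin) -> bool:
    # A literal "null" Origin (opaque/sandboxed contexts) is never trusted.
    if origin is None or origin == "null":
        return False
    return normalize_origin(origin) in {normalize_origin(o) for o in TRUSTED_ORIGINS}


def find_cross_origin_refresh(log_text: str) -> list:
    """Return refresh-endpoint events sent with a cookie from an untrusted origin."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("path") != REFRESH_PATH:
            continue
        origin = ev.get("origin")
        if origin is None:
            continue  # no Origin header: same-origin navigation or non-browser client
        if is_trusted_origin(origin):
            continue
        if not ev.get("cookie"):
            continue  # credential-less preflight; no token could have been issued
        findings.append({"ts": ev["ts"], "ip": ev["ip"], "origin": origin,
                         "status": ev["status"]})
    return findings


def successful_refreshes(findings: list) -> list:
    # A 200 here means a token was actually minted for a cross-origin caller.
    return [f for f in findings if f["status"] == 200]


def count_by_origin(findings: list) -> Counter:
    return Counter(f["origin"] for f in findings)


if __name__ == "__main__":
    hits = find_cross_origin_refresh(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("successful:", len(successful_refreshes(hits)))
    print("by origin:", dict(count_by_origin(hits)))
```

A failed attempt (the 401 from the "null" origin) is still worth surfacing, because it shows someone probing the endpoint; the successful ones are the events that warrant revoking the affected sessions.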
Organizations using Langflow in production environments, especially those handling sensitive data or AI workflows, should prioritize this vulnerability given its potential to compromise the entire system.
The inclusion of this flaw in the KEV catalog underscores the growing risk of misconfigured web security controls in modern applications.
As AI platforms like Langflow become more widely adopted, attackers are increasingly targeting weaknesses in authentication flows and API security.
Security teams should treat CVE-2025-34291 as a high-priority issue and implement rapid mitigations to prevent unauthorized access and potential breaches.