Overly permissive cross-domain whitelist in Langflow - CVE-2025-34291
Published: May 26, 2026
Vulnerability identifier: #VU132303
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-34291
CWE-ID: CWE-942
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Langflow
Affected software:
Langflow
Langflow
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper access control in the CORS configuration and refresh token handling when processing cross-origin requests with credentials. A remote attacker can host a malicious webpage that triggers credentialed requests to obtain fresh session tokens and use authenticated code-execution functionality to execute arbitrary code.
User interaction is required to visit an attacker-controlled webpage while authenticated to the application.
How to mitigate CVE-2025-34291
Install security update from vendor's website.
Sources
- https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform
- https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291
- https://www.crowdsec.net/vulntracking-report/cve-2025-34291