CVE-2025-34291

Aliases:GHSA-577h-p2hh-v4mvPYSEC-2025-78
Modified
Published: 05 Dec 2025, 22:27
Last modified:22 May 2026, 03:55

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.4 CRITICAL
v4.0 (cve.org)
EPSS Score
31.2% HIGH
31% probability +17.16%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

05 Dec 2025, 22:27
Published
Vulnerability first disclosed
21 May 2026, 00:00
Added to CISA KEV
Langflow Origin Validation Error Vulnerability
22 May 2026, 03:55
Last Modified
Vulnerability information updated
04 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

CVSS Metrics

  • v4.0CRITICALScore: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  • v4.0CRITICALScore: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 31.20% Percentile: 97%

Techniques & Countermeasures

  • CWE-346Origin Validation Error

    The product does not properly verify that the source of data or communication is valid.

Affected Systems

  • langflowlangflow

    ≤ 1.6.9

  • PyPIlangflow

    ≤ 1.6.9 | < 1.7.0

References (10)