[KEV] CVE-2025-34291 -- CVSS 0.0 Vulnerability Briefing
[KEV] CVE-2025-34291 | CVSS 0.0 (Low) | Exploit: Operational
What Is It
CVE-2025-34291 is an origin validation error in Langflow, the open-source AI workflow builder, in which a misconfigured CORS policy combined with an insecurely scoped refresh token cookie enables cross-origin credential theft and subsequent authenticated API access.
Technical Detail
The vulnerability arises from two compounding weaknesses: an overly permissive CORS configuration that does not properly restrict allowed origins, and a refresh token cookie set with SameSite=None, which permits it to be transmitted in cross-site requests. An attacker who controls a malicious webpage can lure an authenticated Langflow user to that page, triggering cross-origin requests that carry the victim's credentials to the Langflow refresh endpoint, thereby obtaining valid session tokens. With those tokens, the attacker gains access to authenticated endpoints and can execute arbitrary code, resulting in full system compromise of the Langflow instance.
Exploitation Status
CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities catalog on May 21, 2026. The exploit maturity is rated Operational, meaning functional exploit code capable of reliable exploitation exists and is being used in real-world attacks, not merely as a proof-of-concept demonstration.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. Given the active exploitation status and the nature of Langflow as an AI workflow platform often deployed in development and enterprise environments, opportunistic actors targeting AI infrastructure should be considered a plausible threat profile, but no named group or campaign has been formally attributed to exploitation of this CVE.
What To Do
Per CISA's Known Exploited Vulnerabilities directive, organizations must apply vendor-supplied patches or implement mitigations by the required remediation date. Administrators should immediately review their Langflow deployment and apply any available security updates from the Langflow project. As interim mitigations, restrict CORS allowed origins to explicitly trusted domains only, and reconfigure the refresh token cookie to use SameSite=Strict or SameSite=Lax where operationally feasible. Network-level controls should be applied to limit Langflow instance exposure to trusted internal networks or authenticated VPN access. Detection efforts should focus on anomalous cross-origin requests to the refresh endpoint and unexpected token issuance events in application logs.
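The following added example (not code from Langflow or CISA) audits one captured HTTP response for the two weaknesses described under Technical Detail and targeted by the interim mitigations above. The trusted-origin allowlist, the probe origin, the cookie name `refresh_token` and all header values are constructed assumptions.

```python
# Added example: offline audit of one HTTP response for the two weaknesses above.
# Origins, cookie name and header values are constructed samples, not Langflow output.
TRUSTED_ORIGINS = {"https://langflow.internal.example"}  # assumption: your allowlist
PROBE = "https://untrusted.example"  # Origin the audit request was sent with
WEAK = [("Access-Control-Allow-Origin", PROBE),
        ("Access-Control-Allow-Credentials", "true"),
        ("Set-Cookie", "refresh_token=x; Path=/; HttpOnly; Secure; SameSite=None")]
HARDENED = [("Set-Cookie", "refresh_token=x; Path=/; HttpOnly; Secure; SameSite=Strict")]


def cookie_attrs(set_cookie):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0], attrs


def audit_response(probe_origin, headers):
    """Return sorted finding codes for a response to a request with Origin: probe_origin."""
    acao = acac = ""
    cross_site = []
    for name, value in headers:
        lname = name.lower()
        if lname == "access-control-allow-origin":
            acao = value.strip()
        elif lname == "access-control-allow-credentials":
            acac = value.strip().lower()
        elif lname == "set-cookie":
            cname, attrs = cookie_attrs(value)
            if attrs.get("samesite", "").lower() == "none":
                cross_site.append(cname)
    findings = set()
    if acao == "*":
        findings.add("cors-wildcard")
    # Browsers refuse credentialed reads when the value is "*", so the dangerous
    # case is an untrusted Origin echoed back together with credentials=true.
    readable = probe_origin not in TRUSTED_ORIGINS and acao == probe_origin and acac == "true"
    if readable:
        findings.add("cors-untrusted-origin-with-credentials")
    if cross_site:
        findings.add("cookie-samesite-none:" + ",".join(cross_site))
    if readable and cross_site:
        findings.add("combined-cross-origin-token-exposure")
    return sorted(findings)
```

Feed `audit_response` the headers your own instance returns from its refresh endpoint when the request carries an Origin outside your allowlist; an empty list means neither condition was observed in that response.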