Langflow
Coverage of Langflow in the Nexus archive.
- CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents, setting a deadline of Friday.
- CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA added four actively exploited vulnerabilities to its KEV catalog, including a critical path traversal flaw in Adobe ColdFusion (CVE-2026-48282) that could enable arbitrary code execution. The other flaws affect Joomla and Langflow, with all vulnerabilities being actively exploited.
- Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are exploiting a high-severity path traversal vulnerability (CVE-2026-5027) in the AI development platform Langflow to write arbitrary files on exposed servers.
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-34291 in Langflow (CVSS 9.4) and a flaw in Trend Micro Apex One. These security flaws have been identified as actively exploited in the wild.