Fixed Intel

CVE-2025-34291

High
CVSS 8.8PoC Available

Description

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

CVSS Score

8.8/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-346CWE-346MITRE

Known Exploits

POC
https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platformexploit

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

References (3)

https://github.com/langflow-ai/langflowdisclosure@vulncheck.comhttps://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platformdisclosure@vulncheck.comhttps://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rcedisclosure@vulncheck.com

Risk Assessment

ELEVATED
Known exploit

Details

Severity
High
CVSS
8.8
CWE
CWE-346
Exploit
POC
CISA KEV
No
Articles
1

Timeline

Published

Dec 5, 2025

External Links

NVD (NIST)CVE DetailsMITRE CVE