Which versions of Langflow are affected by CVE-2025-34291?

Langflow versions 1.6.9 and earlier are vulnerable to account takeover and remote code execution through a combination of insecure cross-origin and authentication cookie configurations.. A patch is available.

Is there a public PoC exploit available for CVE-2025-34291?

Yes, a public proof-of-concept exploit is available for CVE-2025-34291. Prioritise patching immediately. EPSS: 17.6%.

How to fix or mitigate CVE-2025-34291?

Within 24 hours: Identify and inventory all Langflow deployments running version 1.6.9 or earlier; disable public internet access to Langflow instances if possible, or restrict to VPN/private networks only. Within 7 days: Implement WAF rules to block suspicious cross-origin requests to the refresh token endpoint; review and rotate all Langflow API tokens and user credentials; monitor authentication logs for suspicious token refresh activity. Within 30 days: Upgrade to Langflow 1.7.0 or later when patch is released; conduct security audit of Langflow configurations; implement network segmentation to limit lateral movement if compromise is detected.

Langflow CVE-2025-34291

Q: What is the CVSS score of CVE-2025-34291?

CVE-2025-34291 has a CVSS 4.0 base score of 9.4 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 17.6%.

EUVD-2025-201507 CRITICAL

Origin Validation Error (CWE-346)

2025-12-05 disclosure@vulncheck.com

GHSA-577h-p2hh-v4mv

RCE

9.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.4 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Severity Changed

May 21, 2026 - 20:22 NVD

HIGH CRITICAL

CVSS changed

May 21, 2026 - 20:22 NVD

8.8 (HIGH) 9.4 (CRITICAL)

Added to CISA KEV

May 21, 2026 - 19:31 CISA

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201507

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Jan 16, 2026 - 21:17 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 23:15 nvd

HIGH 8.8

DescriptionCVE.org

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints - including built-in code-execution functionality - allowing the attacker to execute arbitrary code and achieve full system compromise.

Analysis

CVE-2025-34291 vulnerability details – vuln.today

Back