CVE-2025-34291

UNKNOWN 0.0

Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

CWE	CWE-346
Vendor	langflow
Product	langflow
Published	Dec 5, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for langflow langflow

Be the first to know when new unknown vulnerabilities affecting langflow langflow are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Langflow / Langflow

0 ≤ 1.6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

obsidiansecurity.com: https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform github.com: https://github.com/langflow-ai/langflow vulncheck.com: https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce

Credits

Fenix Qiao (aka 13ph03nix) from Obsidian Security Shuyang Wang from Obsidian Security