CISA Adds Langflow Origin Validation Flaw to KEV — Active Exploitation Confirmed
AI relevance: Langflow is a visual AI/LLM application builder used to chain models, tools, and knowledge bases — a compromised Langflow instance gives attackers a foothold into live AI agent pipelines and the credentials they access.
What happened
- On May 21, 2026, CISA added CVE-2025-34291 (CVSS 9.4) to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.
- The flaw is an origin validation error in Langflow, a popular open-source visual flow-builder for LLM applications that allows developers to chain AI models, vector databases, and tools through a drag-and-drop interface.
- The vulnerability combines CORS and CSRF weaknesses that could allow an attacker to execute arbitrary code and achieve full system compromise on a Langflow instance.
- In the same CISA KEV addition, CVE-2026-34926 (CVSS 6.7) — a directory traversal vulnerability in on-premise Trend Micro Apex One — was also listed, though the Trend Micro flaw is not AI-specific.
- CISA confirmed evidence of active exploitation, meaning this is not a theoretical risk but a weaponized vulnerability being used against real deployments.
Why it matters
- Langflow instances often hold API keys for LLM providers (OpenAI, Anthropic, etc.), vector database credentials, and connected tool integrations — compromising one gives an attacker access to the entire AI pipeline.
- A KEV listing means federal agencies must remediate under BOD 22-01; the private sector should treat this as equally urgent.
- This adds to a growing list of AI platform CVEs being actively exploited: previous additions include LiteLLM SQL injection (CVE-2026-42208, CVSS 9.8) and n8n critical vulnerabilities, showing a pattern of live AI infrastructure being targeted.
- The origin validation attack surface is particularly dangerous for AI builders that expose web UIs — any attacker who can trick an authenticated admin into visiting a crafted page can achieve code execution.
What to do
- If you run Langflow, update immediately to the patched version — check the Langflow GitHub releases for the specific fix.
- Ensure Langflow instances are not exposed to the public internet without authentication; use network segmentation and reverse proxies with strict CORS policies.
- Rotate all LLM API keys and database credentials stored in any Langflow instance that may have been exposed.
- Audit your Langflow flows for tools with write access (file systems, databases, APIs) — if an attacker achieved code execution through this flaw, those tools are available to the attacker as well.
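
A sketch of the "strict CORS policy" recommended above, as it could be enforced in a proxy or middleware layer in front of Langflow. This is an added example, not Langflow's code or its patch; the allowlisted origin and the function names (`origin_of`, `cors_headers`, `allow_request`) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the single origin the Langflow UI is served from (constructed value).
ALLOWED_ORIGINS = frozenset({"https://langflow.internal.example"})
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})  # assumed not to change state
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Reduce an Origin/Referer value to 'scheme://host[:port]', or None."""
    try:
        parts = urlsplit((url or "").strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", empty and non-HTTP schemes
    origin = f"{parts.scheme}://{parts.hostname}"  # hostname is lowercased
    if port and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def cors_headers(origin_header):
    """Echo the origin only on an exact allowlist match; never use '*'."""
    headers = {"Vary": "Origin"}  # stop caches reusing one origin's response
    origin = origin_of(origin_header)
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def allow_request(method, origin_header=None, referer=None):
    """CSRF gate: state-changing requests need an allowlisted source origin."""
    if method.upper() in SAFE_METHODS:
        return True
    # Trust Origin when the browser sent it; use Referer only if it is absent.
    source = origin_of(origin_header if origin_header else referer)
    # Fails closed when both are missing (assumes browser-only traffic).
    return source in ALLOWED_ORIGINS
```

The comparison is an exact match on the normalized origin, so lookalike hosts that merely start or end with the trusted name are rejected along with `null` origins.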