High Actively Exploited cisa_kev · CVE-2025-3248

Langflow Missing Authentication Vulnerability

Published May 5, 2025

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Affected AI Products

langflow

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.