Description

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

INFO

Published Date :

2025-12-05T22:27:26.438Z

Last Modified :

2026-03-05T12:03:54.368Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34291 vulnerability.

Vendors Products
Langflow
  • Langflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34291.

URL Resource
https://github.com/langflow-ai/langflow cve-icon cve-icon
https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform cve-icon cve-icon
https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact