CISA adds Langflow Vulnerability to Known Exploited Vulnerabilities Catalog

**CISA added CVE-2025-34291 (Langflow) to the KEV Catalog due to active exploitation: a CORS/origin validation flaw plus a SameSite=None refresh cookie can enable cross-origin token theft and remote code execution; administrators should apply patches, restrict CORS, and reconfigure cookies before the federal remediation deadline of June 4, 2026.**