CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
ID: d8d4c0b2-c73b-5cfe-99b7-95e7c43a1d07
STIX ID: report--d8d4c0b2-c73b-5cfe-99b7-95e7c43a1d07
Feed Name: GBHackers
CISA has added CVE-2025-34291, an origin validation/CORS misconfiguration in Langflow that exposes refresh tokens via SameSite=None cookies, to its Known Exploited Vulnerabilities catalog, indicating active exploitation and urging immediate remediation. Successful exploitation can lead to token theft, session hijacking, and potential full system compromise. CISA requires federal agencies to remediate by June 4, 2026.
