{"data":{"id":"73643b85-cdd1-48c4-88cf-6382ea46247f","title":"Langflow RCE under active attack months after a patch was shipped","summary":"Langflow, an open-source platform for building AI applications, has a path traversal vulnerability (CVE-2026-5027, CVSS score 8.8; CVSS measures how severe a vulnerability is) that allows attackers to write files to any location on a system and potentially achieve remote code execution. The flaw is particularly dangerous because Langflow has login disabled by default, letting unauthenticated users exploit it with a single request, and attackers are actively using public exploit code against the approximately 7,000 internet-exposed instances.","solution":"Update Langflow to version 1.9.0 or later (current version is 1.10.0). The vulnerability affects versions up to 1.8.4, and the fix was released on April 15.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4185063/langflow-rce-under-active-attack-months-after-a-patch-was-shipped.html","publishedAt":"2026-06-15T12:48:31.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow","MuddyWater"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-15T12:48:31.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}