๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and
Summary
Langflow versions before 1.3.0 have a code injection vulnerability (a flaw where attackers can insert and run malicious code) in the /api/v1/validate/code endpoint that allows unauthenticated attackers (those without login credentials) to execute arbitrary code by sending specially crafted HTTP requests (formatted messages to the server). This vulnerability is actively being exploited in the wild.
Solution / Mitigation
Update Langflow to version 1.3.0 or later, as referenced in the official release notes at https://github.com/langflow-ai/langflow/releases/tag/1.3.0. If mitigations are unavailable, discontinue use of the product.
Vulnerability Details
9.8(critical)
EPSS: 92.1%
๐ฅ Actively Exploited
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-3248
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) ยท confidence: 95%