CNNVD-202512-629 Information

CNNVD ID

CNNVD-202512-629

CVE-2025-34291

  • CNNVD Published: 2025-12-05

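Description (Chinese, translated)

Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Langflow 1.6.9 and earlier versions contain an access control error vulnerability, which stems from an overly permissive CORS configuration and improper SameSite settings and may lead to account takeover and remote code execution.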

Description (English)

Langflow is a visual framework for building multi-agent and RAG applications, open-sourced by Langflow. Langflow versions 1.6.9 and earlier have an access control vulnerability caused by an overly permissive CORS configuration and inappropriate SameSite settings, which could lead to account takeover and remote code execution.

Hazard Level

Low

Vulnerability Type

Access control error

Affected Vendor

Langflow

Published

2025-12-05

Last Modified

2026-02-24

References

  • https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform
  • https://github.com/langflow-ai/langflow
  • https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce
  • https://access.redhat.com/security/cve/cve-2025-34291
