CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34291

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.8%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2025-34291

Langflow » Langflow » Version: N/A

cpe:2.3:a:langflow:langflow:-
Langflow » Langflow » Version: 0.0.19

cpe:2.3:a:langflow:langflow:0.0.19
Langflow » Langflow » Version: 0.0.20

cpe:2.3:a:langflow:langflow:0.0.20
Langflow » Langflow » Version: 0.0.21

cpe:2.3:a:langflow:langflow:0.0.21
Langflow » Langflow » Version: 0.0.22

cpe:2.3:a:langflow:langflow:0.0.22
Langflow » Langflow » Version: 0.0.23

cpe:2.3:a:langflow:langflow:0.0.23
Langflow » Langflow » Version: 0.0.24

cpe:2.3:a:langflow:langflow:0.0.24
Langflow » Langflow » Version: 0.0.31

cpe:2.3:a:langflow:langflow:0.0.31
Langflow » Langflow » Version: 0.0.32

cpe:2.3:a:langflow:langflow:0.0.32
Langflow » Langflow » Version: 0.0.33

cpe:2.3:a:langflow:langflow:0.0.33
Langflow » Langflow » Version: 0.0.40

cpe:2.3:a:langflow:langflow:0.0.40
Langflow » Langflow » Version: 0.0.44

cpe:2.3:a:langflow:langflow:0.0.44
Langflow » Langflow » Version: 0.0.45

cpe:2.3:a:langflow:langflow:0.0.45
Langflow » Langflow » Version: 0.0.46

cpe:2.3:a:langflow:langflow:0.0.46
Langflow » Langflow » Version: 0.0.52

cpe:2.3:a:langflow:langflow:0.0.52
Langflow » Langflow » Version: 0.0.53

cpe:2.3:a:langflow:langflow:0.0.53
Langflow » Langflow » Version: 0.0.54

cpe:2.3:a:langflow:langflow:0.0.54
Langflow » Langflow » Version: 0.0.55

cpe:2.3:a:langflow:langflow:0.0.55
Langflow » Langflow » Version: 0.0.56

cpe:2.3:a:langflow:langflow:0.0.56
Langflow » Langflow » Version: 0.0.57

cpe:2.3:a:langflow:langflow:0.0.57
Langflow » Langflow » Version: 0.0.58

cpe:2.3:a:langflow:langflow:0.0.58
Langflow » Langflow » Version: 0.0.61

cpe:2.3:a:langflow:langflow:0.0.61
Langflow » Langflow » Version: 0.0.62

cpe:2.3:a:langflow:langflow:0.0.62
Langflow » Langflow » Version: 0.0.63

cpe:2.3:a:langflow:langflow:0.0.63
Langflow » Langflow » Version: 0.0.64

cpe:2.3:a:langflow:langflow:0.0.64
Langflow » Langflow » Version: 0.0.65

cpe:2.3:a:langflow:langflow:0.0.65
Langflow » Langflow » Version: 0.0.66

cpe:2.3:a:langflow:langflow:0.0.66
Langflow » Langflow » Version: 0.0.67

cpe:2.3:a:langflow:langflow:0.0.67
Langflow » Langflow » Version: 0.0.68

cpe:2.3:a:langflow:langflow:0.0.68
Langflow » Langflow » Version: 0.0.69

cpe:2.3:a:langflow:langflow:0.0.69
Langflow » Langflow » Version: 0.0.70

cpe:2.3:a:langflow:langflow:0.0.70
Langflow » Langflow » Version: 0.0.71

cpe:2.3:a:langflow:langflow:0.0.71
Langflow » Langflow » Version: 0.0.72

cpe:2.3:a:langflow:langflow:0.0.72
Langflow » Langflow » Version: 0.0.73

cpe:2.3:a:langflow:langflow:0.0.73
Langflow » Langflow » Version: 0.0.74

cpe:2.3:a:langflow:langflow:0.0.74
Langflow » Langflow » Version: 0.0.75

cpe:2.3:a:langflow:langflow:0.0.75
Langflow » Langflow » Version: 0.0.76

cpe:2.3:a:langflow:langflow:0.0.76
Langflow » Langflow » Version: 0.0.77

cpe:2.3:a:langflow:langflow:0.0.77
Langflow » Langflow » Version: 0.0.78

cpe:2.3:a:langflow:langflow:0.0.78
Langflow » Langflow » Version: 0.0.79

cpe:2.3:a:langflow:langflow:0.0.79
Langflow » Langflow » Version: 0.0.80

cpe:2.3:a:langflow:langflow:0.0.80
Langflow » Langflow » Version: 0.0.81

cpe:2.3:a:langflow:langflow:0.0.81
Langflow » Langflow » Version: 0.0.82

cpe:2.3:a:langflow:langflow:0.0.82
Langflow » Langflow » Version: 0.0.83

cpe:2.3:a:langflow:langflow:0.0.83
Langflow » Langflow » Version: 0.0.84

cpe:2.3:a:langflow:langflow:0.0.84
Langflow » Langflow » Version: 0.0.85

cpe:2.3:a:langflow:langflow:0.0.85
Langflow » Langflow » Version: 0.0.86

cpe:2.3:a:langflow:langflow:0.0.86
Langflow » Langflow » Version: 0.0.87

cpe:2.3:a:langflow:langflow:0.0.87
Langflow » Langflow » Version: 0.0.88

cpe:2.3:a:langflow:langflow:0.0.88
Langflow » Langflow » Version: 0.0.89

cpe:2.3:a:langflow:langflow:0.0.89
Langflow » Langflow » Version: 0.1.0

cpe:2.3:a:langflow:langflow:0.1.0
Langflow » Langflow » Version: 0.1.2

cpe:2.3:a:langflow:langflow:0.1.2
Langflow » Langflow » Version: 0.1.3

cpe:2.3:a:langflow:langflow:0.1.3
Langflow » Langflow » Version: 0.1.4

cpe:2.3:a:langflow:langflow:0.1.4
Langflow » Langflow » Version: 0.1.5

cpe:2.3:a:langflow:langflow:0.1.5
Langflow » Langflow » Version: 0.1.6

cpe:2.3:a:langflow:langflow:0.1.6
Langflow » Langflow » Version: 0.1.7

cpe:2.3:a:langflow:langflow:0.1.7
Langflow » Langflow » Version: 0.2.0

cpe:2.3:a:langflow:langflow:0.2.0
Langflow » Langflow » Version: 0.2.1

cpe:2.3:a:langflow:langflow:0.2.1
Langflow » Langflow » Version: 0.2.10

cpe:2.3:a:langflow:langflow:0.2.10
Langflow » Langflow » Version: 0.2.11

cpe:2.3:a:langflow:langflow:0.2.11
Langflow » Langflow » Version: 0.2.12

cpe:2.3:a:langflow:langflow:0.2.12
Langflow » Langflow » Version: 0.2.13

cpe:2.3:a:langflow:langflow:0.2.13
Langflow » Langflow » Version: 0.2.2

cpe:2.3:a:langflow:langflow:0.2.2
Langflow » Langflow » Version: 0.2.3

cpe:2.3:a:langflow:langflow:0.2.3
Langflow » Langflow » Version: 0.2.4

cpe:2.3:a:langflow:langflow:0.2.4
Langflow » Langflow » Version: 0.2.5

cpe:2.3:a:langflow:langflow:0.2.5
Langflow » Langflow » Version: 0.2.6

cpe:2.3:a:langflow:langflow:0.2.6
Langflow » Langflow » Version: 0.2.7

cpe:2.3:a:langflow:langflow:0.2.7
Langflow » Langflow » Version: 0.2.8

cpe:2.3:a:langflow:langflow:0.2.8
Langflow » Langflow » Version: 0.2.9

cpe:2.3:a:langflow:langflow:0.2.9
Langflow » Langflow » Version: 0.3.0

cpe:2.3:a:langflow:langflow:0.3.0
Langflow » Langflow » Version: 0.3.1

cpe:2.3:a:langflow:langflow:0.3.1
Langflow » Langflow » Version: 0.3.2

cpe:2.3:a:langflow:langflow:0.3.2
Langflow » Langflow » Version: 0.3.3

cpe:2.3:a:langflow:langflow:0.3.3
Langflow » Langflow » Version: 0.3.4

cpe:2.3:a:langflow:langflow:0.3.4
Langflow » Langflow » Version: 0.4.0

cpe:2.3:a:langflow:langflow:0.4.0
Langflow » Langflow » Version: 0.4.1

cpe:2.3:a:langflow:langflow:0.4.1
Langflow » Langflow » Version: 0.4.10

cpe:2.3:a:langflow:langflow:0.4.10
Langflow » Langflow » Version: 0.4.11

cpe:2.3:a:langflow:langflow:0.4.11
Langflow » Langflow » Version: 0.4.12

cpe:2.3:a:langflow:langflow:0.4.12
Langflow » Langflow » Version: 0.4.14

cpe:2.3:a:langflow:langflow:0.4.14
Langflow » Langflow » Version: 0.4.15

cpe:2.3:a:langflow:langflow:0.4.15
Langflow » Langflow » Version: 0.4.16

cpe:2.3:a:langflow:langflow:0.4.16
Langflow » Langflow » Version: 0.4.17

cpe:2.3:a:langflow:langflow:0.4.17
Langflow » Langflow » Version: 0.4.18

cpe:2.3:a:langflow:langflow:0.4.18
Langflow » Langflow » Version: 0.4.19

cpe:2.3:a:langflow:langflow:0.4.19
Langflow » Langflow » Version: 0.4.2

cpe:2.3:a:langflow:langflow:0.4.2
Langflow » Langflow » Version: 0.4.20

cpe:2.3:a:langflow:langflow:0.4.20
Langflow » Langflow » Version: 0.4.21

cpe:2.3:a:langflow:langflow:0.4.21
Langflow » Langflow » Version: 0.4.3

cpe:2.3:a:langflow:langflow:0.4.3
Langflow » Langflow » Version: 0.4.4

cpe:2.3:a:langflow:langflow:0.4.4
Langflow » Langflow » Version: 0.4.5

cpe:2.3:a:langflow:langflow:0.4.5
Langflow » Langflow » Version: 0.4.6

cpe:2.3:a:langflow:langflow:0.4.6
Langflow » Langflow » Version: 0.4.7

cpe:2.3:a:langflow:langflow:0.4.7
Langflow » Langflow » Version: 0.4.8

cpe:2.3:a:langflow:langflow:0.4.8
Langflow » Langflow » Version: 0.4.9

cpe:2.3:a:langflow:langflow:0.4.9
Langflow » Langflow » Version: 0.5.0

cpe:2.3:a:langflow:langflow:0.5.0
Langflow » Langflow » Version: 0.5.1

cpe:2.3:a:langflow:langflow:0.5.1
Langflow » Langflow » Version: 0.5.10

cpe:2.3:a:langflow:langflow:0.5.10
Langflow » Langflow » Version: 0.5.11

cpe:2.3:a:langflow:langflow:0.5.11
Langflow » Langflow » Version: 0.5.12

cpe:2.3:a:langflow:langflow:0.5.12
Langflow » Langflow » Version: 0.5.2

cpe:2.3:a:langflow:langflow:0.5.2
Langflow » Langflow » Version: 0.5.3

cpe:2.3:a:langflow:langflow:0.5.3
Langflow » Langflow » Version: 0.5.4

cpe:2.3:a:langflow:langflow:0.5.4
Langflow » Langflow » Version: 0.5.5

cpe:2.3:a:langflow:langflow:0.5.5
Langflow » Langflow » Version: 0.5.6

cpe:2.3:a:langflow:langflow:0.5.6
Langflow » Langflow » Version: 0.5.7

cpe:2.3:a:langflow:langflow:0.5.7
Langflow » Langflow » Version: 0.5.8

cpe:2.3:a:langflow:langflow:0.5.8
Langflow » Langflow » Version: 0.5.9

cpe:2.3:a:langflow:langflow:0.5.9
Langflow » Langflow » Version: 0.6.0

cpe:2.3:a:langflow:langflow:0.6.0
Langflow » Langflow » Version: 0.6.1

cpe:2.3:a:langflow:langflow:0.6.1
Langflow » Langflow » Version: 0.6.10

cpe:2.3:a:langflow:langflow:0.6.10
Langflow » Langflow » Version: 0.6.11

cpe:2.3:a:langflow:langflow:0.6.11
Langflow » Langflow » Version: 0.6.12

cpe:2.3:a:langflow:langflow:0.6.12
Langflow » Langflow » Version: 0.6.13

cpe:2.3:a:langflow:langflow:0.6.13
Langflow » Langflow » Version: 0.6.14

cpe:2.3:a:langflow:langflow:0.6.14
Langflow » Langflow » Version: 0.6.15

cpe:2.3:a:langflow:langflow:0.6.15
Langflow » Langflow » Version: 0.6.16

cpe:2.3:a:langflow:langflow:0.6.16
Langflow » Langflow » Version: 0.6.17

cpe:2.3:a:langflow:langflow:0.6.17
Langflow » Langflow » Version: 0.6.18

cpe:2.3:a:langflow:langflow:0.6.18
Langflow » Langflow » Version: 0.6.19

cpe:2.3:a:langflow:langflow:0.6.19
Langflow » Langflow » Version: 0.6.2

cpe:2.3:a:langflow:langflow:0.6.2
Langflow » Langflow » Version: 0.6.3

cpe:2.3:a:langflow:langflow:0.6.3
Langflow » Langflow » Version: 0.6.4

cpe:2.3:a:langflow:langflow:0.6.4
Langflow » Langflow » Version: 0.6.5

cpe:2.3:a:langflow:langflow:0.6.5
Langflow » Langflow » Version: 0.6.6

cpe:2.3:a:langflow:langflow:0.6.6
Langflow » Langflow » Version: 0.6.7

cpe:2.3:a:langflow:langflow:0.6.7
Langflow » Langflow » Version: 0.6.8

cpe:2.3:a:langflow:langflow:0.6.8
Langflow » Langflow » Version: 0.6.9

cpe:2.3:a:langflow:langflow:0.6.9
Langflow » Langflow » Version: 1.0.0

cpe:2.3:a:langflow:langflow:1.0.0
Langflow » Langflow » Version: 1.0.1

cpe:2.3:a:langflow:langflow:1.0.1
Langflow » Langflow » Version: 1.0.10

cpe:2.3:a:langflow:langflow:1.0.10
Langflow » Langflow » Version: 1.0.11

cpe:2.3:a:langflow:langflow:1.0.11
Langflow » Langflow » Version: 1.0.12

cpe:2.3:a:langflow:langflow:1.0.12
Langflow » Langflow » Version: 1.0.13

cpe:2.3:a:langflow:langflow:1.0.13
Langflow » Langflow » Version: 1.0.14

cpe:2.3:a:langflow:langflow:1.0.14
Langflow » Langflow » Version: 1.0.15

cpe:2.3:a:langflow:langflow:1.0.15
Langflow » Langflow » Version: 1.0.16

cpe:2.3:a:langflow:langflow:1.0.16
Langflow » Langflow » Version: 1.0.17

cpe:2.3:a:langflow:langflow:1.0.17
Langflow » Langflow » Version: 1.0.18

cpe:2.3:a:langflow:langflow:1.0.18
Langflow » Langflow » Version: 1.0.19

cpe:2.3:a:langflow:langflow:1.0.19
Langflow » Langflow » Version: 1.0.2

cpe:2.3:a:langflow:langflow:1.0.2
Langflow » Langflow » Version: 1.0.3

cpe:2.3:a:langflow:langflow:1.0.3
Langflow » Langflow » Version: 1.0.4

cpe:2.3:a:langflow:langflow:1.0.4
Langflow » Langflow » Version: 1.0.5

cpe:2.3:a:langflow:langflow:1.0.5
Langflow » Langflow » Version: 1.0.6

cpe:2.3:a:langflow:langflow:1.0.6
Langflow » Langflow » Version: 1.0.7

cpe:2.3:a:langflow:langflow:1.0.7
Langflow » Langflow » Version: 1.0.8

cpe:2.3:a:langflow:langflow:1.0.8
Langflow » Langflow » Version: 1.0.9

cpe:2.3:a:langflow:langflow:1.0.9
Langflow » Langflow » Version: 1.1.0

cpe:2.3:a:langflow:langflow:1.1.0
Langflow » Langflow » Version: 1.1.1

cpe:2.3:a:langflow:langflow:1.1.1
Langflow » Langflow » Version: 1.1.2

cpe:2.3:a:langflow:langflow:1.1.2
Langflow » Langflow » Version: 1.1.3

cpe:2.3:a:langflow:langflow:1.1.3
Langflow » Langflow » Version: 1.1.4

cpe:2.3:a:langflow:langflow:1.1.4
Langflow » Langflow » Version: 1.2.0

cpe:2.3:a:langflow:langflow:1.2.0
Langflow » Langflow » Version: 1.3.0

cpe:2.3:a:langflow:langflow:1.3.0
Langflow » Langflow » Version: 1.3.1

cpe:2.3:a:langflow:langflow:1.3.1
Langflow » Langflow » Version: 1.3.2

cpe:2.3:a:langflow:langflow:1.3.2
Langflow » Langflow » Version: 1.3.3

cpe:2.3:a:langflow:langflow:1.3.3
Langflow » Langflow » Version: 1.3.4

cpe:2.3:a:langflow:langflow:1.3.4
Langflow » Langflow » Version: 1.4.0

cpe:2.3:a:langflow:langflow:1.4.0
Langflow » Langflow » Version: 1.4.1

cpe:2.3:a:langflow:langflow:1.4.1
Langflow » Langflow » Version: 1.4.2

cpe:2.3:a:langflow:langflow:1.4.2
Langflow » Langflow » Version: 1.4.3

cpe:2.3:a:langflow:langflow:1.4.3
Langflow » Langflow » Version: 1.5.0

cpe:2.3:a:langflow:langflow:1.5.0
Langflow » Langflow » Version: 1.5.1

cpe:2.3:a:langflow:langflow:1.5.1
Langflow » Langflow » Version: 1.6.0

cpe:2.3:a:langflow:langflow:1.6.0
Langflow » Langflow » Version: 1.6.1

cpe:2.3:a:langflow:langflow:1.6.1
Langflow » Langflow » Version: 1.6.2

cpe:2.3:a:langflow:langflow:1.6.2
Langflow » Langflow » Version: 1.6.3

cpe:2.3:a:langflow:langflow:1.6.3
Langflow » Langflow » Version: 1.6.4

cpe:2.3:a:langflow:langflow:1.6.4
Langflow » Langflow » Version: 1.6.5

cpe:2.3:a:langflow:langflow:1.6.5
Langflow » Langflow » Version: 1.6.6

cpe:2.3:a:langflow:langflow:1.6.6
Langflow » Langflow » Version: 1.6.7

cpe:2.3:a:langflow:langflow:1.6.7
Langflow » Langflow » Version: 1.6.8

cpe:2.3:a:langflow:langflow:1.6.8
Langflow » Langflow » Version: 1.6.9

cpe:2.3:a:langflow:langflow:1.6.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34291

Products

Pricing

Contact Us