CVE-2025-34291: Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-34291

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE

Source: NVD (National Vulnerability Database)

Vulnerability Description

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

源验证错误

Source: NVD (National Vulnerability Database)

Vulnerability Title

Langflow 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow 1.6.9及之前版本存在访问控制错误漏洞，该漏洞源于过度宽松的CORS配置和SameSite设置不当，可能导致账户接管和远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Langflow	Langflow	0 ~ 1.6.9	-

II. Public POCs for CVE-2025-34291

#	POC Description	Source Link	Shenlong Link
1	Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34291.yaml	POC Details
2	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD%E6%BC%8F%E6%B4%9E/Langflow%20%E2%89%A4%201.6.9%20CORS%20%E9%85%8D%E7%BD%AE%E9%94%99%E8%AF%AF%E5%AF%BC%E8%87%B4%E4%BB%A4%E7%89%8C%E5%8A%AB%E6%8C%81%E5%92%8C%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-34291.md	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-34291

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Langflow

Same vendor: Langflow

Same weakness: CWE-346

V. Comments for CVE-2025-34291

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-34291

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-34291

III. Intelligence Information for CVE-2025-34291

IV. Related Vulnerabilities

V. Comments for CVE-2025-34291

Leave a comment