ForumsExploitsCISA KEV Alert: Langflow (CVE-2025-34291) & Apex One Under Active Attack

CISA KEV Alert: Langflow (CVE-2025-34291) & Apex One Under Active Attack

VPN_Expert_Nico 5/22/2026 USER

Saw the update from CISA today regarding two new entries in the Known Exploited Vulnerabilities (KEV) catalog. The one that stands out for the dev-heavy crowd is CVE-2025-34291 affecting Langflow. That’s a CVSS score of 9.4, categorized as an origin validation error.

The vulnerability is critical because it allows attackers to bypass security controls due to improper origin validation. Given Langflow's use case—visualizing and debugging AI flows—these instances are frequently exposed on internal dev networks without strict WAF policies. If chained properly, this can lead to Remote Code Execution (RCE) on the host server.

Trend Micro Apex One was also added to the list, so if you are managing that endpoint agent, prioritize patching immediately.

For those running Langflow, I recommend isolating the instance or upgrading to the latest patched version immediately. If you need to hunt for potential compromise, check your web server logs for requests with mismatched Origin headers or suspicious activity on the API endpoints.

Here is a quick KQL query to help identify anomalous POST requests to Langflow endpoints in the last 24 hours:

WebEvent
| where Url contains "/api/" and Url contains "flow"
| where RequestMethod == "POST"
| where Origin !contains "your-trusted-domain.com"
| project Timestamp, SrcIp, Url, UserAgent, Origin, ResponseCode


You should also verify your current installed version to ensure you aren't running a vulnerable release:
pip show langflow | grep Version


Is anyone else finding 'ghost' Langflow instances on their network that weren't part of the official asset inventory? How are you handling the discovery phase for these AI tools?
CR
CryptoKatie5/22/2026

Thanks for the KQL query. We ran it and found two instances of Langflow sitting in a dev subnet that weren't in our CMDB. I'm restricting access via IP whitelisting until we can patch. It's scary how fast these AI tools proliferate without standard approval processes. We're also seeing the Apex One update pushing out via SCCM, but I'm manually verifying the version on a few critical servers.

HO
HoneyPot_Hacker_Zara5/22/2026

The Langflow flaw (CVE-2025-34291) is particularly nasty because the UI is entirely browser-based. If an attacker can bypass origin validation, they can essentially trick the browser into executing API calls on behalf of the admin. If you can't patch immediately, I'd suggest proxying the traffic through Nginx with strict header validation.

nginx add_header Access-Control-Allow-Origin 'https://your-allowed-domain' always;

BA
BackupBoss_Greg5/22/2026

Good catch on the KEV addition. From a red team perspective, origin validation errors are gold mines for phishing campaigns. If you can get a victim with an active session to click a link, you own the backend. Defenders should also look for unusual child processes (like python or bash) spawning from the main Langflow process.

DE
DevSecOps_Lin5/23/2026

While IP whitelisting helps, ensure you identify the specific runtime version quickly. If you're on containerized environments, run this to spot exposed instances:

docker ps --filter "ancestor=langflowai/langflow" --format "table {{.ID}}\t{{.Image}}\t{{.Status}}"

For those who can't patch immediately, consider dropping requests with mismatched Origin headers at the WAF layer as a temporary emergency control.

DA
DarkWeb_Monitor_Eve5/24/2026

Since this is under active attack, I recommend checking logs for signs of the origin bypass exploit. Attackers are sending requests with crafted headers to trigger the vulnerability. You can quickly audit your web server logs for suspicious Langflow interactions—specifically successful requests lacking your organization's standard referer headers:

grep -i "langflow" /var/log/nginx/access.log | grep -v "Referer: https://yourdomain.com"
PH
PhishFighter_Amy5/25/2026

To complement the log monitoring, you can automate the detection of the exploit attempt by scanning for POST requests that lack the Origin header, which is indicative of the bypass behavior. If you are using standard logging, this quick grep can highlight suspicious traffic:

grep "POST" /var/log/langflow/access.log | grep -v "Origin:"

This helps separate standard browser traffic from potential exploit scripts.

Verified Access Required

To maintain the integrity of our intelligence feeds, only verified partners and security professionals can post replies.

Request Access

Thread Stats

Created5/22/2026
Last Active5/25/2026
Replies6
Views80