{
  "title": "Langflow CVE-2025-34291: KEV Origin Validation Exposure",
  "summary": "CISA added Langflow CVE-2025-34291 to KEV on 2026-05-21. The issue combines permissive CORS and credentialed refresh-token behavior; this article provides dependency, container, HTTP telemetry, and token-abuse audit scripts.",
  "date": "2026-05-26",
  "severity": "critical",
  "tags": [
    "langflow",
    "cisa-kev",
    "vulnerability-response",
    "ai-tooling",
    "cors"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "langflow-cve-2025-34291-kev",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2025-34291"
    ],
    "cwes": [
      "CWE-346"
    ],
    "advisoryIds": [],
    "products": [
      "Langflow"
    ],
    "packages": [
      "langflow"
    ],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [
      "1.9.3",
      "v1.9.3"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "Origin",
      "Cookie",
      "SameSite=None",
      "refresh token",
      "refresh_token",
      "Langflow"
    ]
  }
}