Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
Threat actors started exploiting a critical Langflow vulnerability roughly 20 hours after public disclosure, Sysdig reports.
Langflow is a popular open source framework for creating and deploying AI agents and workflows using a visual builder interface, with over 145,000 GitHub stars and more than 8,000 forks.
On March 17, Langflow version 1.8.1 was released with patches for a critical vulnerability leading to unauthenticated remote code execution (RCE).
