If you’re building AI agents with Langflow, here’s your wake-up call. Roughly 7,000 publicly exposed Langflow server instances are actively being targeted by attackers exploiting a chain of critical remote code execution vulnerabilities, some of which share DNA with flaws found in the broader LangChain and LangGraph frameworks.

The situation is bad enough that CISA has added multiple Langflow CVEs to its Known Exploited Vulnerabilities catalog.

What’s actually being exploited

The most recent vulnerability in the spotlight is CVE-2026-5027, a path traversal flaw lurking in Langflow’s file upload functionality. It carries a CVSS score of 8.8 out of 10. An unauthenticated attacker can write arbitrary files to a server by sending a crafted POST request to the /api/v2/files endpoint with unsanitized filenames. That file-write capability cascades into full remote code execution and total system compromise.
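The defensive side of that bug class, as an added illustration that is not Langflow's code and does not describe the project's actual fix: an upload handler must reduce the client-supplied filename to a plain basename and then prove the resolved destination still sits inside the upload directory before writing. The upload root and the allowed-character policy below are assumptions for the example.

```python
import os
import re
import unicodedata
from urllib.parse import unquote

# Policy assumed for this example: one basename of printable ASCII that
# starts with a letter or digit, so '.', '..' and dotfiles are excluded.
_ALLOWED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UnsafeFilename(ValueError):
    """Raised on a rejected name; worth logging as a security event."""


def sanitize_filename(raw: str) -> str:
    """Accept only a bare, well-formed basename; reject anything path-like."""
    # Decode percent-encoding first so '%2e%2e%2f' cannot hide a separator.
    name = unquote(raw)
    if "\x00" in name or "/" in name or "\\" in name:
        raise UnsafeFilename(f"separator or NUL byte in filename: {raw!r}")
    # Fold look-alike Unicode forms before applying the character policy.
    name = unicodedata.normalize("NFKC", name)
    if not _ALLOWED.match(name):
        raise UnsafeFilename(f"filename violates policy: {raw!r}")
    return name


def is_safe_filename(raw: str) -> bool:
    """Boolean wrapper for callers that only need to gate a request."""
    try:
        sanitize_filename(raw)
        return True
    except UnsafeFilename:
        return False


def resolve_upload_path(upload_root: str, raw_filename: str) -> str:
    """Return the absolute write destination, proven to be inside upload_root."""
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, sanitize_filename(raw_filename)))
    # Independent second check: even a clean basename must not resolve
    # elsewhere (for example via a symlink already present in the upload dir).
    if os.path.dirname(dest) != root:
        raise UnsafeFilename(f"destination escapes upload root: {dest}")
    return dest


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate names, then traversal variants.
    for candidate in ("flow.json", "weights.bin", "../../etc/cron.d/job",
                      "..%2F..%2Fetc%2Fpasswd", "/etc/passwd", "ok.txt\x00.py"):
        verdict = "accept" if is_safe_filename(candidate) else "reject"
        print(f"{candidate!r:32} -> {verdict}")
```

Rejections, rather than silent rewrites to a safe name, give the upload endpoint a clean signal to log and alert on.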

CVE-2026-33017, disclosed in March 2026, enabled unauthenticated remote code execution through the platform’s public flow build endpoint. Exploits for that one appeared within 20 hours of disclosure.