Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up
Back to KEV List

Langflow Missing Authentication Vulnerability

Added May 5, 2025 Due May 26, 2025 CVE-2025-3248
Overdue Langflow / Langflow CWE-306

Description

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

Additional Information

Catalog Version
2025.05.05
Catalog Released
May 5, 2025
Days Until Due
0 days
Last Updated
1 month ago