The Hacker News

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

CVE-2026-5027 lets attackers abuse Langflow path traversal, exposing 7,000 AI app instances to file-write attacks.
腾讯网

关键Langflow漏洞CVE-2026-33017在披露20小时内引发攻击

一个影响Langflow的关键安全漏洞在公开披露后20小时内就遭到主动利用,突显了威胁行为者将新发布漏洞武器化的速度。 该安全缺陷被追踪为CVE-2026-33017(CVSS评分:9.3),是一个缺失身份验证结合代码注入的案例,可能导致远程代码执行。 根据Langflow对该漏洞的 ...

Path traversal flaw in AI dev platform Langflow exploited in attacks

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform ...
腾讯网

从工程视角看 Langflow:一站式 AI Agent 工作流解决方案解析

Hello folks,我是 Luga,今天我们来聊一下人工智能应用场景 - 构建高效、灵活的计算架构的 AI Agents 低代码平台 - Langflow。 众所周知,随着技术不断的迭代,构建复杂的 AI 应用,特别是需要整合各种外部服务(API)、不同模型和多样化数据源(数据库 ...
CSOonline

Critical flaw in AI agent dev tool Langflow under active exploitation

Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...
Dark Reading

Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause full system compromise, distributed ...
GIGAZINE

Langflow is a low-code platform that allows you to create AI agents and workflows for free ...

When creating in-house applications or automation tools that utilize AI, one might use ' LangChain,' a powerful Python-based library that connects APIs, databases, and various AI services as ...