CVE-2025-3248: Langflow Missing Authentication Vulnerability. Langflow

Langflow Missing Authentication Vulnerability. Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

• CISA KEV-listed (remediation due 2025-05-26)
• EPSS 92.9% (99.8% percentile)

Browse the CVE database

Read the full analysis on IntelFusions