
An added complication is that Langflow ships with auto-login enabled, which grants unauthenticated users a valid session and lets them reach the vulnerable endpoint without supplying any credentials.
“Langflow is a popular open-source tool for building AI applications,” said Jim Sherlock, VP of cybersecurity R&D at ProCircular. “Because the platform ships with login disabled by default, exploitation takes a single request with no credentials, resulting in full takeover of the machine.”
The Cloud Security Alliance (CSA), a cloud security non-profit, said approximately 7,000 Langflow instances are exposed to the internet.
Path traversal issue allowing full system takeover
Langflow is a popular low-code platform for building AI agents, RAG pipelines, and MCP-based workflows through a drag-and-drop interface. That popularity is adding to the concerns over CVE-2026-5027, a path traversal vulnerability assigned an 8.8 CVSS rating.
