#Langflow
11 stories taggedLangflow.

U.S. Government Gives Agencies Two Weeks to Patch Four Actively Exploited Flaws
Critical security holes in Adobe ColdFusion, Langflow, and Joomla extensions are already being used by attackers. Federal agencies have until July 10 to fix them.

US cyber agency gives federal staff four days to patch Langflow AI tool being actively hacked
CISA added an authorisation bypass in the popular AI-agent builder Langflow to its must-patch list after Sysdig spotted attackers stealing cloud keys and hijacking servers.

CISA Flags Four Live-Exploited Bugs in Adobe, Joomla and Langflow
The US cyber agency gave federal agencies until early December to patch a critical Adobe ColdFusion flaw and three others already being abused in the wild.

An AI Agent Broke Into a Server, Taught Itself to Adapt, and Left a Ransom Note
Security firm Sysdig says it has documented the first fully autonomous AI-driven ransomware attack, where a program called JadePuffer broke into a database, encrypted thousands of records, and demanded Bitcoin payment without a human criminal directing any step.

An AI Agent Ran a Ransomware Attack by Itself. Here's What That Means.
Criminals used an AI tool called Langflow to let a machine plan and carry out a multi-step ransomware intrusion without a human guiding every move — a shift that could make attacks faster and cheaper to run at scale.

Sysdig Flags 'JADEPUFFER' as First End-to-End AI-Run Ransomware Attack
Researchers say a large language model handled intrusion, lateral movement and destruction of a production database without a human at the keyboard.

Langflow RCE Is Back on the Menu — This Time for a Monero Miner
Attackers are still pillaging exposed Langflow instances through CVE-2026-33017, turning forgotten AI workflow servers into XMR mining rigs.

Langflow's Unauthenticated File-Write Flaw Is Being Exploited — Patch Dropped 73 Days Ago
CVE-2026-5027 lets attackers write files to arbitrary paths on exposed servers, and because Langflow ships with login disabled by default, exploitation requires exactly zero credentials.

Langflow Path Traversal Flaw CVE-2026-5027 Hits CISA's Exploited List
An unauthenticated write-anywhere bug in the open-source AI builder is being abused in the wild, per VulnCheck telemetry, raising fresh questions for federal users bound by BOD 22-01 patch deadlines.

Langflow Path Traversal Under Active Exploitation, No Patch Available
CVE-2026-5027 lets unauthenticated attackers write arbitrary files on Langflow servers. In-the-wild exploitation is being tracked now.

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit
Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.