Approximately 7,000 publicly exposed Langflow server instances are currently under active attack. Cybercriminals are exploiting a chain of critical remote code execution vulnerabilities within the AI development platform. The Cybersecurity and Infrastructure Security Agency has added multiple Langflow CVEs to its Known Exploited Vulnerabilities catalog due to the severity of the threat.

The most urgent flaw is CVE-2026-5027, a path traversal vulnerability with a CVSS score of 8.8. Unauthenticated attackers can write arbitrary files to servers through unsanitized filenames, leading to total system compromise. A separate flaw disclosed in March 2026 saw exploits appear within just 20 hours of public release. Earlier vulnerabilities have already been linked to the deployment of the Flodrix botnet.
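The bug class behind the path traversal described above, a client-supplied filename joined straight onto a storage directory, is shown here in Python beside a hardened version. This is an added illustration, not Langflow's code; the upload directory and function names are assumptions, and `escapes_root` doubles as a quick check of where a given filename would actually land.

```python
import os

# Hypothetical storage directory; the article does not describe Langflow's
# real layout, so this only illustrates the vulnerability class.
UPLOAD_ROOT = "/srv/app/uploads"


def vulnerable_target(filename: str) -> str:
    """The bug class: the client-controlled name is joined without checks.
    os.path.join discards UPLOAD_ROOT when filename is absolute, and '..'
    segments walk out of it once the OS resolves the path on write."""
    return os.path.join(UPLOAD_ROOT, filename)


def escapes_root(path: str, root: str = UPLOAD_ROOT) -> bool:
    """Lexically resolve '.' and '..' and test containment with commonpath,
    which (unlike a string prefix test) does not accept '/srv/app/uploadsX'."""
    resolved = os.path.normpath(path)
    root = os.path.normpath(root)
    return os.path.commonpath([root, resolved]) != root


def hardened_target(filename: str) -> str:
    """Defensive version: keep only the final path component, reject names
    with no usable component or embedded NULs, then re-check containment
    so a later refactor cannot silently reintroduce the traversal."""
    # Treat backslashes as separators too, so 'a\\..\\b' is not one segment.
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError(f"rejected filename: {filename!r}")
    target = os.path.join(UPLOAD_ROOT, base)
    if escapes_root(target):
        raise ValueError(f"path escapes upload root: {filename!r}")
    return target


def accepts(filename: str) -> bool:
    """True if the hardened path builder would accept this filename."""
    try:
        hardened_target(filename)
        return True
    except ValueError:
        return False
```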

Langflow operates atop the broader LangChain ecosystem, which faces its own high-severity security issues. Organizations running Langflow on affected LangChain or LangGraph versions now contend with compounding attack surfaces. With these frameworks seeing over 60 million weekly downloads, the risk extends across a significant portion of the AI infrastructure market.

Most vulnerable instances are located in North America and suffer from default auto-login configurations. Many deployments were established for experimentation but left running without authentication. Threat actors have identified these AI platforms as high-value targets because they often hold API keys for large language models and connections to production databases.

Security experts warn that traditional patch cycles cannot keep pace with exploitation timelines measured in hours. Organizations must immediately patch systems, disable auto-login features, and restrict network access. This surge in attacks highlights a widening gap between AI tool accessibility and enterprise security awareness.