CSO Online

Langflow RCE under active attack months after a patch was shipped

Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.

Path traversal flaw in AI dev platform Langflow exploited in attacks

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform ...
SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
The Hacker News

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

CVE-2026-5027 lets attackers abuse Langflow path traversal, exposing 7,000 AI app instances to file-write attacks.
IT News For Australia Business

Serious path traversal bug found in Microsoft's NLWeb "Agentic Web" tool

Microsoft's open source NLWeb framework for delivering AI-driven agentic web applications shipped with an easy to exploit path traversal vulnerability that revealed the context of sensitive system ...