Critical Vulnerability in Langflow
29 May 2026
A critical vulnerability in Langflow discovered in December 2025 is now under active exploitation. Users and administrators are advised to update to the latest version immediately.
Background
Langflow, a platform for building and deploying AI-powered agents and workflows, released security updates in December 2025 addressing a critical vulnerability (CVE-2025-34291) in its product.
This vulnerability has a Common Vulnerability Scoring System (CVSS v4.0) score of 9.4 out of 10.
Impact
Successful exploitation of this origin validation error vulnerability could allow an unauthenticated remote attacker to execute arbitrary code and achieve full system compromise.
Known Exploitation
This vulnerability is being actively exploited in the wild.
Affected Products
The vulnerability affects Langflow versions 1.6.9 and prior.
Recommendations
Users and administrators of affected versions are advised to update to the latest version immediately.
References
https://github.com/advisories/GHSA-577h-p2hh-v4mv
https://nvd.nist.gov/vuln/detail/CVE-2025-34291
https://cybersecuritynews.com/langflow-origin-validation-flaw-exploit/
