Path traversal flaw in AI dev platform Langflow exploited in attacks

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers.

BleepingComputer

Langflow's CVE-2026-5027, a path traversal flaw, is now actively exploited, enabling remote code execution. This incident follows a pattern of critical vulnerabilities, including those linked to the Iranian threat group MuddyWater, raising serious questions about the project's secure development lifecycle.

https://www.tpp.blog/1dx8b10

#cybersecurity #langflow #cve20265027

🤖 This post was AI-generated.

Attackers Exploit Langflow Path Traversal Flaw in Active Attacks

A single, unauthenticated request is all it takes to exploit a high-severity flaw in Langflow, a popular AI development platform, allowing attackers to write arbitrary files to its filesystem. This is made possible by a path traversal vulnerability, CVE-2026-5027, which can be easily triggered due to Langflow's default…

https://osintsights.com/attackers-exploit-langflow-path-traversal-flaw-in-active-attacks?utm_source=mastodon&utm_medium=social

#Langflow #PathTraversal #Cve20265027 #AiDevelopment #VulnerabilityExploitation

Learn how attackers exploit Langflow path traversal flaw in active attacks and protect your AI development platform from CVE-2026-5027 vulnerability now.

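OSINTSights

RAG over documents containing tables and images with Docling and Langflow - Qiita

Wanting to handle documents with tables and images in RAG: With RAG or Agentic AI, there are probably cases where you want to use unstructured data such as PDFs or PPTX files that contain tables and images, rather than plain text. You could probably analyze unstructured data in various ways if you put in the effort to implement it, but...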

Qiita

CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could…

https://osintsights.com/cisa-flags-actively-exploited-langflow-trend-micro-vulnerabilities?utm_source=mastodon&utm_medium=social

#KnownExploitedVulnerabilities #Cve202534291 #Cve202634926 #Langflow #TrendMicro

Learn about CISA's warning on actively exploited Langflow vulnerabilities and required fixes by June 4, 2026, to prevent system compromise and protect against cyber threats now.

OSINTSights

How we built a corporate LLM platform: architecture, pitfalls, and takeaways

AI adoption in companies usually follows this scenario: build one assistant, show it to management, get applause. Then a second, a third, and six months later you have a zoo of different keys, models, and an uncontrolled budget. Instead of a set of disparate assistants, we went straight for a platform. In this article we describe what it consists of, how our hardware evolved, why we needed two layers of observability, and why marketplace RAG breaks on PDF files. With charts, an architecture diagram, and conclusions we wish we had read a year ago.

https://habr.com/ru/companies/sminex_developer/articles/1037438/

#ai #llm #openwebui #langflow #langfuse #litellm #vllm #openai

Hi! My name is Artyom, and I lead the digital transformation group at Sminex. For the past two years my team has been working on bringing AI into the company. In reality this is a far less glamorous story than...

Habr

AI agents, intelligent workflows, and open source tools: which ones are really worth trying in 2026?

I have collected several of them in Best open source agentic AI tools to use in 2026, comparing them across their various possible uses:

🔗 https://www.risposteinformatiche.it/migliori-strumenti-ai-agentici-open-source-2026/

@opensource @linux

#AI #AIagents #OpenSource #Linux #Docker #Automation #UnoLinux #UnoOpenSource #Agenti #n8n #dify #crewai #flowise #langflow #autogen #haystack #openhands

CVE-2026-3346: stored XSS in IBM Langflow 1.6.0-1.8.4. Authenticated attacker injects JS into Web UI fields, steals cookies/sessions. No patch, no exploit in wild. CVSS 6.4, but credential disclosure risk is real. Pin your versions. #XSS #Langflow

https://www.valtersit.com/cve/2026/04/cve-2026-3346/

CVE-2026-3346 | Valters IT Hub

CVE Alert: CVE-2026-6543 - IBM - Langflow Desktop - RedPacket Security

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This

RedPacket Security