# CVE-2025-34291 — Langflow Origin Validation / CORS
## Overview
**Overly permissive CORS config combined with refresh token cookie config allows credential theft.**
| Field | Value |
|-------|-------|
| CVE | CVE-2025-34291 |
| Severity | HIGH |
| Product | Langflow |
| CISA KEV | 2026-05-21 |
| Attack Type | Origin Validation / CORS |
| Auth Required | None |
### Affected Versions
| Status | Versions |
|--------|----------|
| ❌ Vulnerable | Langflow versions before 1.3.5 |
| ✅ Fixed | Fixed in Langflow 1.3.5+ |
## Installation
# Clone
git clone https://github.com/ridhinva/CVE-2025-34291-Langflow-Scanner.git
cd CVE-2025-34291-Langflow-Scanner
# Install deps (if any)
pip install requests
## Usage
### Scan Single Target
python3 langflow_scanner.py example.com
python3 langflow_scanner.py https://192.168.1.1
### Mass Scan from File
echo "target1.com" > targets.txt
echo "target2.com" >> targets.txt
python3 langflow_scanner.py targets.txt
### Show Vulnerability Info
python3 langflow_scanner.py --info
## How It Works
The scanner checks for exposed endpoints associated with this vulnerability and reports potential targets for manual verification.
## References
| Source | Link |
|--------|------|
| CISA KEV | https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
| NVD Entry | https://nvd.nist.gov/vuln/detail/CVE-2025-34291 |
| Vendor Advisory | https://security.paloaltonetworks.com/CVE202534291 |
## Disclaimer
For authorized security testing and educational purposes only. Unauthorized access is illegal.
## Author
**@c_y_p_h3r** — Bug bounty hunter & security researcher