A vulnerability in AI toolkit LangFlow that gives an unauthenticated attacker full remote code execution (RCE) is being exploited in the wild.

Over 500 instances are publicly exposed. Strikingly, it appears that the simple exploit was developed with the help of Chinese LLM DeepSeek.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in