A vulnerability in AI toolkit LangFlow that gives an unauthenticated attacker full remote code execution (RCE) is being exploited in the wild.

Over 500 instances are publicly exposed. Strikingly, it appears that the simple exploit was developed with the help of Chinese LLM DeepSeek.

Get the full story: Subscribe for free

Get the story, a weekly newsletter (you can turn that off if you want) and support independent journalism. Subscribe today.

Subscribe now

Already a member? Sign in