Developing event. Generated by AI and subject to further corroboration and review.

Developing · Medium impact · AI refreshed

Path traversal vulnerability in Langflow AI platform actively exploited

Occurred 10 Jun 2026 · Detected 16 Jun 2026
Global: vulnerability affects publicly exposed Langflow instances worldwide · 2 reports
Cyber · Property · Cyber · Casualty & Liability

CVE-2026-5027, a high-severity unauthenticated path traversal vulnerability in the Langflow AI development platform, is being actively exploited. Exploitation evidence to date is limited to test-file drops observed on honeypots; no insured losses, breach notifications, or claims activity have been confirmed. Roughly 7,000 Langflow instances have been identified as publicly exposed, and a fix is available in Langflow 1.10.0. Materiality depends on patch adoption and whether exploitation progresses beyond initial access.

AI-generated from linked source reports.

Impact verdict

Medium impact. Loss pathway is cyber. Unauthenticated exploitation of a widely deployed AI development platform, combined with default unauthenticated auto-login and a history of prior Langflow CVEs being exploited (including a CISA-noted link to the Iranian state-sponsored group MuddyWater), raises the ceiling of potential accumulation risk. Counterweights: no confirmed insured losses, breach notifications, or claims activity, and exploitation evidence to date is limited to test file drops detected in honeypots. Materiality depends on patch adoption rates among the exposed footprint and whether exploitation progresses beyond initial access. Relevant to cyber underwriters monitoring accumulation risk across AI/tech insureds and to incident-response capacity planning.

How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger

Each line expands in place to its underlying sourced claim.

AI refreshed 18 Jun 2026, 11:08

Known (41 lines)

CVE-2026-5027 is a high-severity path traversal vulnerability in Langflow's file upload functionality
structured line · known
No separate sourced-claim record is available for this line yet.
Langflow enables unauthenticated auto-login by default, making exploitation possible without credentials
structured line · known
No separate sourced-claim record is available for this line yet.
VulnCheck honeypots have detected active exploitation dropping test files on vulnerable instances
structured line · known
No separate sourced-claim record is available for this line yet.
A patch was released in Langflow version 1.10.0
structured line · known
No separate sourced-claim record is available for this line yet.
Tenable publicly disclosed the issue on March 27, 2026 after reporting to the Langflow team without response
structured line · known
No separate sourced-claim record is available for this line yet.
Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited
structured line · known
No separate sourced-claim record is available for this line yet.
CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater
structured line · known
No separate sourced-claim record is available for this line yet.
Tenable publicly disclosed CVE-2026-5027 on March 27, 2026 after reporting to the Langflow team without response.
disclosure_tenable_march_2026 · context · valid from 27 Mar 2026, 00:00 · Cyber
Market relevance: Indicates vendor response posture; relevant to supply-chain risk discussions.
“Tenable publicly disclosed the issue on March 27, 2026” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow enables unauthenticated auto-login by default, allowing exploitation without credentials; a single unauthenticated request yields a valid session token.
default_unauthenticated_auto_login · accumulation risk · Cyber
Market relevance: Amplifies exploitability and accumulation potential for cyber exposures.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Tenable publicly disclosed CVE-2026-5027 on March 27, 2026 after reporting to the Langflow team without response.
cve_2026_5027_tenable_disclosure_march_2026 · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Coordinated disclosure failure lengthens the pre-patch exploitation window for insureds.
“Tenable publicly disclosed the issue on March 27, 2026 after reporting to Langflow team without response” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited.
prior_langflow_cves_actively_exploited · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Repeated exploitation of Langflow vulnerabilities elevates the platform's threat-actor attractiveness and cyber accumulation risk.
“Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Tenable publicly disclosed CVE-2026-5027 on 27 March 2026 after reporting the issue to the Langflow team without response.
tenable_disclosure_march_27_2026 · context · Cyber
Market relevance: Provides timeline for patch-window analysis and underwriting diligence on insured response posture.
“Tenable publicly disclosed the issue on March 27, 2026 after reporting to Langflow team without response” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
Langflow enables unauthenticated auto-login by default, so no credentials are required to reach the vulnerable endpoint.
unauthenticated_default_autologin · severity uplift · Cyber
Market relevance: Affects severity of accumulation risk and the speed of weaponisation; relevant to cyber underwriting and incident response.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Tenable publicly disclosed CVE-2026-5027 on 27 March 2026 after reporting to the Langflow maintainers without receiving a response.
langflow_tenable_disclosure_2026_03_27 · patch lag indicator · Cyber
Market relevance: Suggests patch lag, raising the share of exposed-and-unpatched insureds.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited; CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater.
langflow_prior_cves_actively_exploited · threat actor context · Cyber
Market relevance: History of exploitation raises probability of state-linked or organised criminal follow-on activity against current CVE.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
CISA previously warned that exploitation of CVE-2025-3248 in Langflow has been linked to Iranian state-sponsored threat group MuddyWater.
cisa_muddywater_warning · threat actor geo risk · Cyber
Market relevance: State-sponsored attribution elevates potential severity and possible geopolitical-loss pathway considerations.
“CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited, indicating a recurring pattern of high-impact flaws in the platform.
prior_langflow_cve_history · underwriting posture signal · Cyber
Market relevance: Repeated exploitation history raises underwriting concern about platform security posture and remediation culture.
“Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is a high-severity unauthenticated path traversal vulnerability in the Langflow AI development platform's file upload functionality.
cve_2026_5027_vulnerability_type · accumulation risk · Cyber
Market relevance: Primary loss pathway is cyber; relevant to cyber underwriters and incident-response capacity.
“high-severity unauthenticated path traversal flaw in the widely-used AI development platform Langflow” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Active exploitation of CVE-2026-5027 has been observed, with VulnCheck honeypots detecting test-file drops on vulnerable instances.
active_exploitation_observed · accumulation risk · Cyber
Market relevance: Confirms active exploitation path; supports cyber accumulation-risk monitoring.
“attackers are actively exploiting CVE-2026-5027” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is a high-severity unauthenticated path traversal vulnerability in Langflow's file upload functionality.
cve_2026_5027_path_traversal_vulnerability · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Cyber underwriters should track unpatched Langflow exposures for accumulation potential.
“single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
VulnCheck honeypots have detected active exploitation of CVE-2026-5027, with attackers dropping test files on vulnerable instances.
cve_2026_5027_active_exploitation_honeypot · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Confirms exploitation is in flight, supporting accumulation-risk framing for cyber underwriters.
“VulnCheck honeypots have detected active exploitation dropping test files on vulnerable instances” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow enables unauthenticated auto-login by default, meaning no credentials are required to reach the vulnerable endpoint.
cve_2026_5027_default_unauthenticated_autologin · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Removes credential barrier for exploitation, expanding the attacker pool and insured-side attack surface.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is a high-severity unauthenticated path traversal vulnerability in Langflow's file upload functionality.
cve_2026_5027_vulnerability_class · accumulation risk · Cyber
Market relevance: Cyber underwriters should treat this as an active-vulnerability signal for any insured running Langflow, with relevance to AI/tech, SaaS, and developer-tool insureds.
“high-severity unauthenticated path traversal vulnerability, CVE-2026-5027, in Langflow's file upload functionality” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow enables unauthenticated auto-login by default, allowing exploitation of CVE-2026-5027 without credentials; a single unauthenticated request can obtain a valid session token.
langflow_unauthenticated_auto_login · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Default unauthenticated access materially raises the ease of exploitation and the size of the at-risk population.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation.” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is a high-severity unauthenticated path traversal vulnerability in the Langflow AI development platform's file upload functionality.
cve_2026_5027_path_traversal_existence · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Identifies a specific, named vulnerability in a widely deployed AI platform relevant to cyber accumulation monitoring.
“CVE-2026-5027 is a high-severity unauthenticated path traversal vulnerability in Langflow's file upload functionality” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow enables unauthenticated auto-login by default, allowing a single unauthenticated request to obtain a valid session token and reach the vulnerable endpoint.
langflow_unauthenticated_default_autologin · severity amplifier · Cyber
Market relevance: Removes credential barrier, broadening the pool of exposed insureds.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation.” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is a high-severity path traversal vulnerability in Langflow's file upload functionality.
langflow_cve_2026_5027_path_traversal_existence · accumulation risk · Cyber
Market relevance: Cyber underwriters tracking AI/tech insureds should assess patch status of Langflow deployments.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
VulnCheck honeypots have detected active exploitation of CVE-2026-5027, with observed activity limited to dropping test files on vulnerable instances.
langflow_cve_2026_5027_active_exploitation_vulncheck · early loss indicator · Cyber
Market relevance: Demonstrates real-world weaponisation; current activity limited to proof-of-concept payloads.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow enables unauthenticated auto-login by default, so no credentials are required to reach the vulnerable endpoint; a single unauthenticated request can obtain a valid session token before exploitation.
unauthenticated_default_auto_login · severity uplift factor · Cyber
Market relevance: Default unauthenticated access materially expands the attacker pool and raises accumulation potential across exposed instances.
“Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation.” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
No insured losses, breach notifications, or claims activity have been confirmed in connection with CVE-2026-5027.
no_confirmed_insured_losses · context · Cyber
Market relevance: Floors severity at medium until loss evidence emerges; supports monitoring posture.
“no insured losses, breach notifications, or claims activity have been confirmed” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
A fix for CVE-2026-5027 is available in Langflow version 1.10.0.
patch_available_v1_10_0 · mitigation available · Cyber
Market relevance: Affects residual risk profile; patch adoption drives materiality outcome.
“a patch is available in version 1.10.0” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
No insured losses, breach notifications, or claims activity have been confirmed in connection with CVE-2026-5027 at this stage.
no_confirmed_insured_losses_or_claims · loss mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Sets a conservative baseline; severity cannot be lifted to high without confirmed insured losses.
“no insured losses, breach notifications, or claims activity have been confirmed at this stage” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
A fix for CVE-2026-5027 is available in Langflow version 1.10.0.
cve_2026_5027_patch_available_1_10_0 · loss mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Patch availability constrains loss trajectory if adoption is rapid; slow adoption sustains accumulation risk.
“A patch is available in Langflow 1.10.0” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
VulnCheck honeypots have detected active exploitation of CVE-2026-5027, with attackers dropping test files on vulnerable instances.
active_exploitation_honeypot_evidence · loss pathway · Cyber
Market relevance: Confirms exploitation-in-the-wild, not merely proof-of-concept; supports treating event as active rather than theoretical.
“VulnCheck honeypots have detected active exploitation dropping test files on vulnerable instances” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
A patch has been released in Langflow version 1.10.0 to address CVE-2026-5027.
patch_availability_1_10_0 · severity uplift · Cyber
Market relevance: Patch availability constrains but does not eliminate accumulation risk; relevant to underwriting guidance on insured patch posture.
“A patch was released in Langflow version 1.10.0” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CVE-2026-5027 is being actively exploited, with VulnCheck honeypots detecting exploitation that drops test files on vulnerable instances.
cve_2026_5027_active_exploitation · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Active exploitation of an unauthenticated flaw elevates urgency for cyber underwriters tracking accumulation.
“VulnCheck honeypots have detected active exploitation dropping test files on vulnerable instances” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Tenable publicly disclosed CVE-2026-5027 on March 27, 2026 after reporting to the Langflow team without response.
tenable_disclosure_march_2026 · risk mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Non-response from vendor prior to public disclosure is a factor in patch-lag risk models.
“Tenable publicly disclosed the issue on March 27, 2026 after reporting to Langflow team without response” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
A fix for CVE-2026-5027 is available in Langflow version 1.10.0.
langflow_patch_version_1_10_0 · risk mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Patch availability is a key lever for underwriter messaging and breach-response planning.
“A fix is available in Langflow version 1.10.0” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
A patch addressing CVE-2026-5027 is available in Langflow version 1.10.0.
patch_available_in_version_1_10_0 · remediation horizon · Cyber
Market relevance: Patch availability sets a clear remediation deadline; insured loss severity depends on patching cadence across exposed instances.
“A patch was released in Langflow version 1.10.0” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The event is in 'signal' lifecycle status, indicating early-stage intelligence with active exploitation observed but no confirmed insured losses.
lifecycle_status_signal · lifecycle indicator · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Lifecycle status informs underwriter urgency and surveillance posture.
Source · 16 Jun 2026, 02:39
VulnCheck honeypots have detected active exploitation of CVE-2026-5027, with observed activity dropping test files on vulnerable instances.
active_exploitation_detected_by_vulncheck · threat activity confirmation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Confirmed active exploitation shifts the event from theoretical exposure to a live threat with potential insured-loss pathway.
“VulnCheck honeypots have detected active exploitation dropping test files on vulnerable instances” — BleepingComputer · 10 Jun 2026, 21:23 · trade media

Reported (17 lines)

Censys identified roughly 7,000 publicly exposed Langflow instances, though the figure may include historical data
structured line · reported
No separate sourced-claim record is available for this line yet.
Langflow has accumulated 149,000+ stars and 9,200 forks on GitHub, indicating wide adoption
structured line · reported
No separate sourced-claim record is available for this line yet.
CISA previously warned about exploitation of CVE-2025-3248 linked to the Iranian state-sponsored threat group MuddyWater.
cisa_muddywater_attribution_prior_cve · accumulation risk · Cyber
Market relevance: Raises threat-actor severity profile and potential for targeted follow-on activity against AI/tech insureds.
“CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow has accumulated more than 149,000 GitHub stars and 9,200 forks, indicating wide adoption.
langflow_github_adoption · accumulation risk · Cyber
Market relevance: Indicates broad install base; widens potential accumulation scope across insureds.
“Langflow has accumulated 149,000+ stars and 9,200 forks on GitHub” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
A German-language GDELT-translated source (blogspan.net) corroborates that CVE-2026-5027 is being actively exploited and recommends immediate patching.
corroborating_gdelt_translation_source · context · valid from 11 Jun 2026, 09:15 · Cyber
Market relevance: Confirms active exploitation narrative across language markets.
“Actively exploited root vulnerability: patch immediately” — blogspan.net · 11 Jun 2026, 09:15 · mainstream media
Earlier Langflow CVEs (CVE-2026-0770, CVE-2026-21445, CVE-2026-33017, CVE-2025-3248) have also been actively exploited.
prior_langflow_cves_exploited · accumulation risk · Cyber
Market relevance: Reinforces pattern of exploitability and accumulation potential across Langflow deployments.
“Earlier Langflow CVEs ... have also been actively exploited” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
Censys scans have identified roughly 7,000 publicly exposed Langflow instances; the figure may include historical data.
exposed_instance_count_censys · accumulation risk · Cyber
Market relevance: Caps potential accumulation footprint for cyber underwriters.
“Approximately 7,000 Langflow instances were identified as publicly exposed via Censys scans” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Supersession history: 1 prior/revised claim row.
CISA previously warned that exploitation of CVE-2025-3248 has been linked to Iranian state-sponsored group MuddyWater.
cve_2025_3248_muddywater_link · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: State-sponsored threat actor linkage raises the ceiling of potential impact and elevates cyber war/aggregation considerations.
“CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow has accumulated more than 149,000 GitHub stars and 9,200 forks, indicating wide developer adoption.
langflow_github_adoption_signals · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: High adoption widens the potential insured-base exposure to this and prior Langflow CVEs.
“Langflow has accumulated 149,000+ stars and 9,200 forks on GitHub indicating wide adoption” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow has accumulated 149,000+ stars and 9,200 forks on GitHub, indicating wide adoption among AI developers.
langflow_adoption_github_metrics · accumulation risk · Cyber
Market relevance: Adoption metric informs the size of the theoretical exposure pool for cyber accumulation analysis.
“Langflow has accumulated 149,000+ stars and 9,200 forks on GitHub indicating wide adoption” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CISA previously warned about exploitation of CVE-2025-3248 in Langflow, with reporting linking activity to Iranian state-sponsored group MuddyWater.
cisa_muddywater_attribution · accumulation risk · Cyber
Market relevance: State-linked exploitation history raises tail-risk perception and may influence cyber underwriting capacity decisions and war/cyber exclusions.
“CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Censys identified approximately 7,000 publicly exposed Langflow instances, though the figure may include historical data.
exposed_langflow_instances_censys · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Exposure footprint is a primary input for cyber accumulation scenario sizing.
“Censys identified roughly 7,000 publicly exposed Langflow instances, though figure may include historical data” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
CISA previously warned about exploitation of CVE-2025-3248 in Langflow, linked to the Iranian state-sponsored threat group MuddyWater.
cisa_muddywater_warning_langflow · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: State-sponsored interest in the platform raises the ceiling of potential loss scenarios.
“CISA previously warned about exploitation of CVE-2025-3248 linked to Iranian threat group MuddyWater” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Langflow has accumulated more than 149,000 GitHub stars and 9,200 forks, indicating wide developer adoption.
langflow_adoption_signals · adoption context · Cyber
Market relevance: Broadens the pool of potential insureds that may run self-hosted Langflow environments.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
Censys identified approximately 7,000 publicly exposed Langflow instances, though the figure may include historical data.
langflow_exposed_instances_censys_7000 · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Defines the upper bound of the cyber accumulation footprint for underwriting and IR capacity planning.
“Censys identified roughly 7,000 publicly exposed Langflow instances, though figure may include historical data” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Censys scans identified roughly 7,000 publicly exposed Langflow instances, though the figure may include historical data.
langflow_censys_exposed_instances · accumulation estimate · Cyber
Market relevance: Sets an upper bound on the addressable exposed-insured population.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
The loss pathway is cyber; exploitation could enable ransomware staging, data exfiltration, and lateral movement into corporate networks, particularly where Langflow is deployed in enterprise environments.
loss_pathway_cyber · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Directly frames the cyber accumulation scenario relevant to underwriters and incident-response capacity.
“Active unauthenticated exploitation of a widely deployed AI development platform could enable ransomware staging, data exfiltration, and lateral movement into corporate networks” — BleepingComputer · 10 Jun 2026, 21:23 · trade media

Uncertain (18 lines)

Actual number of currently exposed and vulnerable Langflow instances
structured line · uncertain
No separate sourced-claim record is available for this line yet.
Scale of successful exploitation beyond honeypot detection
structured line · uncertain
No separate sourced-claim record is available for this line yet.
Whether any Langflow-using organizations have suffered confirmed breaches or data loss
structured line · uncertain
No separate sourced-claim record is available for this line yet.
Total cyber insurance claim exposure from this vulnerability
structured line · uncertain
No separate sourced-claim record is available for this line yet.
The actual number of currently exposed and vulnerable Langflow instances is unconfirmed; the Censys figure may include historical or non-vulnerable exposures.
uncertain_vulnerable_footprint · accumulation risk · Cyber
Market relevance: Uncertainty bounds accumulation modeling; key driver of materiality.
“though figure may include historical data” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The scale of successful exploitation beyond honeypot detection of test file drops is not known.
uncertain_exploitation_scale_beyond_honeypots · context · Cyber
Market relevance: Limits confidence in attributing material loss activity to this CVE in the near term; relevant to claims triage and notification monitoring.
“Scale of successful exploitation beyond honeypot detection is uncertain” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The actual number of currently exposed and unpatched Langflow instances is not known.
uncertain_current_vulnerable_footprint · accumulation risk · Cyber
Market relevance: Key uncertainty for accumulation modelling; underwriters should not treat the 7,000 figure as the live exposure base.
“Actual number of currently exposed and vulnerable Langflow instances is uncertain” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The actual number of Langflow instances currently exposed AND running a vulnerable version is unconfirmed; Censys exposure figures may include historical/honey data.
current_vulnerable_instance_count_uncertain · accumulation uncertainty · Cyber
Market relevance: Vulnerable-population estimate is the primary uncertainty for cyber accumulation sizing.
“Actual number of currently exposed and vulnerable Langflow instances is uncertain” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
It is unconfirmed whether exploitation of CVE-2026-5027 has progressed beyond test file drops to ransomware deployment, data exfiltration, or other high-impact outcomes.
exploitation_beyond_test_file_drops_uncertain · severity uplift uncertainty · Cyber
Market relevance: Maturity of exploitation is the primary driver of eventual insured-loss severity; currently observed activity is reconnaissance-grade.
“Whether any Langflow-using organizations have suffered confirmed breaches or data loss” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The actual number of currently exposed and vulnerable Langflow instances is uncertain; the 7,000 figure may include historical data.
langflow_current_exposed_count_uncertain · exposure uncertainty · Cyber
Market relevance: Uncertainty caps portfolio accumulation estimates pending fresh telemetry.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
No insured losses, breach notifications, or claims activity have been confirmed in connection with CVE-2026-5027 at this stage.
langflow_no_confirmed_insured_losses · loss floor · Cyber
Market relevance: Caps current severity at signal/accumulation-watch rather than attritional loss.
BleepingComputer · 10 Jun 2026, 21:23 · trade media
Total cyber insurance claim exposure from this vulnerability is unquantified.
uncertain_total_cyber_claim_exposure · accumulation risk · Cyber
Market relevance: Aggregate exposure depends on patch adoption and progression of exploitation; key underwriter question.
“no insured losses, breach notifications, or claims activity have been confirmed” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Total cyber insurance claim exposure from CVE-2026-5027 remains unquantified.
total_cyber_claim_exposure_uncertain · loss mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Supports a watch posture rather than a re-rating; severity band cannot be raised without quantified exposure.
“Total cyber insurance claim exposure from this vulnerability” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Materiality depends on the share of organizations still running vulnerable Langflow versions and whether exploitation progresses beyond initial access.
materiality_dependent_on_patch_lag · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Frames the conditionality of underwriter exposure and capacity planning.
“Materiality depends on the share of organisations still running vulnerable versions and whether exploitation progresses beyond initial access” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The actual number of currently exposed and vulnerable Langflow instances is uncertain; the Censys 7,000 figure may include historical data.
actual_currently_vulnerable_instances_uncertain · accumulation risk · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Underwriters cannot yet bound the live accumulation footprint with precision.
“Actual number of currently exposed and vulnerable Langflow instances is uncertain” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
It is not known whether any Langflow-using organizations have suffered confirmed breaches or data loss as a result of CVE-2026-5027.
no_confirmed_breaches_or_data_loss · loss mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Absence of confirmed breach caps severity at medium in the absence of new evidence.
“Whether any Langflow-using organizations have suffered confirmed breaches or data loss” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
The scale of successful exploitation beyond honeypot detection is not yet known.
scale_of_successful_exploitation_uncertain · loss mitigation · valid from 16 Jun 2026, 02:33 · Cyber
Market relevance: Limits ability to translate technical exploitation into insured-loss severity.
“Scale of successful exploitation beyond honeypot detection” — BleepingComputer · 10 Jun 2026, 21:23 · trade media
Whether any Langflow-using organizations have suffered confirmed breaches or data loss is unconfirmed.
uncertain_breach_confirmations · context · Cyber
Market relevance: Breach confirmations would escalate severity and trigger notification/cost pathways.
“no insured losses, breach notifications, or claims activity have been confirmed” — BleepingComputer · 10 Jun 2026, 21:23 · trade media

Latest developments

  • CVE-2026-5027 is a high-severity unauthenticated path traversal flaw in Langflow. (BleepingComputer)
  • Exploitation is active; honeypots have observed test-file drops. (BleepingComputer)
  • Default configuration permits unauthenticated access, raising exploitability. (BleepingComputer)
  • A fix is available in Langflow 1.10.0. (BleepingComputer)
  • Around 7,000 Langflow instances are reported as publicly exposed (figure may include historical data). (BleepingComputer)
  • Tenable disclosed the issue publicly on March 27, 2026 after the Langflow team did not respond. (BleepingComputer)
  • Multiple prior Langflow CVEs have also been actively exploited. (BleepingComputer)
  • CISA has previously linked exploitation of a prior Langflow CVE to Iranian group MuddyWater. (BleepingComputer)

Timeline

Intelligence Refresh · 18 Jun 2026, 11:08
Status Change · 18 Jun 2026, 00:42

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration · 18 Jun 2026, 00:42

A critical path traversal vulnerability (CVE-2026-5027) in Langflow, an open-source AI workflow platform, is being actively exploited in the wild, enabling remote code execution. Immediate patching is advised. The vulnerability poses a supply-chain risk for enterprises and organizations using Langflow in production environments, with potential implications for cyber insurance underwriting and incident response.

Source: blogspan.net (Mainstream Media)

Initial Detection · 16 Jun 2026, 02:33

Attackers are actively exploiting CVE-2026-5027, a high-severity unauthenticated path traversal flaw in the widely used AI development platform Langflow, to write arbitrary files on exposed servers. Approximately 7,000 Langflow instances were identified as publicly exposed via Censys scans, creating potential cyber exposure for organizations using the platform for AI development. The vulnerability requires no authentication because of default auto-login settings, and a patch is available in version 1.10.0.

Because Langflow enables unauthenticated auto-login by default, no credentials are required to reach the vulnerable endpoint, and a single unauthenticated request is sufficient to obtain a valid session token before proceeding with exploitation.

Source: BleepingComputer (Trade Media)
