Langflow CORS Flaw: Your AI Stack's Master Key
CVE-2025-34291 in Langflow is a CVSS 9.4 chain that hands an attacker your entire SaaS stack — API keys, OAuth tokens, database credentials — from a single page visit. CISA added it to KEV on May 21 with a June 4 federal deadline.