An actively exploited vulnerability in open-source AI workflow platform Langflow has exposed more than 74,000 internet-facing instances, highlighting growing security risks across rapidly deployed enterprise AI infrastructure.
A critical vulnerability in the open-source AI workflow orchestration platform Langflow is drawing attention to a broader security challenge facing enterprise AI deployments. The flaw, tracked as CVE-2026-5027, is already being actively exploited and could allow attackers to gain full control of affected servers.
The vulnerability stems from Langflow’s file upload functionality, enabling attackers to write files to arbitrary locations on a target system. Exploitation requires only a single crafted request and no credentials, as authentication is disabled by default.
The risk is amplified by the scale of exposure. Security researchers at ProCircular identified more than 74,000 Langflow instances directly accessible from the internet. With public exploit code already available, exposed deployments face an immediate threat.
The incident also highlights the dangers of insecure default configurations. Many organisations deployed Langflow without enabling authentication or implementing adequate security hardening, leaving systems vulnerable to compromise.
Beyond Langflow, the issue reflects a wider trend in enterprise AI adoption. Open-source AI orchestration and workflow platforms such as Flowise, n8n, and Dify have become popular for rapid prototyping and deployment, often outside traditional IT governance processes.
Security experts increasingly describe these deployments as “shadow AI infrastructure” — business-critical systems operating beyond formal oversight, patch management, and access-control frameworks.
The growing interest of threat actors in AI infrastructure, combined with fast-moving development environments, is challenging traditional security models. Organisations are being urged to patch affected systems, enable authentication, restrict internet exposure, and continuously monitor externally accessible AI assets to reduce risk.
