Langflow CVE-2026-5027 under active exploitation despite patch available for 60+ days

According to CSO Online, open-source AI orchestration platform Langflow is experiencing active exploitation of a high-severity path traversal vulnerability in its file upload functionality that allows remote code execution. A patch was released over two months ago, but enterprises continue deploying unpatched versions. The vulnerability is compounded by Langflow's auto-login behavior, which can allow unauthenticated exploitation.

Topics

AI security, LangChain

This intelligence is sourced automatically from public sources across the web and synthesised by the Prefactor AI pipeline. Stories are reviewed before publication.