IOC Radar
TLP:WHITE · 5 IOCs

Critical Langflow Vulnerability Exploited for Malicious Code Execution

Cyber Press
Published June 11, 2026

Threat Actors

Diamond Model

Adversary: MuddyWater
Infrastructure: unknown
Capability: unknown
Victim: unknown

Attack Flow: 5 steps · MITRE ATT&CK mapped

Step 1/5: Initial Access (TA0001 · T1190)
Technique: Exploit Public-Facing Application
Action: Exploit public-facing application
Attackers exploit a path traversal vulnerability (CVE-2026-5027) in the Langflow platform's POST /api/v2/files endpoint.

Indicators of Compromise

| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| CVE | CVE-2026-5027 | exploit, intel-blog, vulnerability | Medium | 51 | Jun 11, 26 |
| CVE | CVE-2026-33017 | cryptominer, exploit, intel-blog | High | 61 | Jun 3, 26 |
| CVE | CVE-2025-34291 | exploit, intel-blog, malware | Medium | 54 | Jun 8, 26 |
| CVE | CVE-2026-21445 | exploit, intel-blog, malware | Medium | 51 | Jun 11, 26 |
| CVE | CVE-2026-0770 | exploit, intel-blog, malware | Medium | 51 | Jun 11, 26 |

IOC Relationship Graph

[Figure: graph linking the report "Critical Langflow Vulnerab…" to 5 CVE IOCs and 1 actor (MuddyWater)]