SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
CSO Online

Langflow RCE under active attack months after a patch was shipped

Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
Morning Overview on MSN

Sysdig’s first documented LLM-agent intrusion drove a database exfiltration in under an hour — a four-pivot autonomous attack that the company says nobody had eve…

Security teams defending cloud infrastructure now face a threat that moves faster than any human attacker. Sysdig says it ...

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
Infosecurity Magazine

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

A critical vulnerability in the Everest Forms Pro plugin for WordPress has been actively exploited to hijack vulnerable ...