CRITICALAdvisoryJul 07, 2026
Action required
Immediately patch all Langflow instances to the latest version to close CVE-2025-3248. Hunt for exploitation attempts and suspicious lateral movement in MySQL and Nacos logs. Flag any anomalous LLM API calls (OpenAI, Anthropic, DeepSeek, Gemini tokens) in your environment.
Affected products
SysdigLangflowMySQLAlibaba Nacos
CVE IDs
Linked articles