7,000 Langflow Servers Under Attack as LangGraph and LangChain Share Vulnerabilities

by TSC Desk

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes.

In a security breach that underscores the vulnerabilities in AI frameworks, over 7,000 Langflow servers are currently under attack. This matters because Langflow, LangGraph, and LangChain, some of the most widely used AI agent frameworks, have become integral to many companies’ infrastructures without adequate security measures. The breach highlights the urgent need for better security protocols as these frameworks handle sensitive data, including OpenAI keys, database credentials, and CRM tokens.

### What the AI Frameworks Actually Do

LangGraph, Langflow, and LangChain are AI frameworks that provide memory and state management capabilities to AI agents. LangGraph, for instance, offers a persistence layer through checkpointers that store the execution state of AI agents. It is downloaded over 50 million times a month, an indication of how widely it is used. Langflow, on the other hand, is a framework that facilitates file uploads and prompt configurations, while LangChain-core plays a crucial role in loading prompt configurations and holding various credentials.

These frameworks have rapidly become part of production environments due to their ability to manage complex AI tasks efficiently. However, this rush to integrate such tools has left gaping security holes. LangGraph’s SQL injection vulnerability, for instance, allows attackers to manipulate the framework’s database to gain unauthorized access, while Langflow’s path traversal bug lets attackers upload malicious files directly to the server.

### Competitive Context and Security Oversights

The vulnerabilities in these AI frameworks are not isolated incidents but part of a larger oversight in the AI industry. The rush to deploy AI frameworks like LangGraph and Langflow has outpaced the development of robust security measures, leaving them susceptible to common vulnerabilities like SQL injection and path traversal. This oversight is partly due to the frameworks’ rapid adoption and the complexity of securing AI systems that interact with diverse data sources and APIs.

Competitors in the AI framework market, such as TensorFlow and PyTorch, have historically faced similar issues but have made strides in securing their platforms. However, the rapid evolution and deployment of AI technologies mean that security often takes a backseat to functionality and speed. This gap in security is where attackers have found opportunities to exploit these frameworks, as evidenced by the active attacks on Langflow and the vulnerabilities in LangGraph and LangChain.

### Real Implications for Founders, Engineers, and the Industry

For founders and engineers, the vulnerabilities in these frameworks serve as a stark reminder of the importance of integrating security into the development lifecycle. Relying on third-party frameworks without a thorough security audit can expose sensitive data and critical infrastructure to attacks. Engineers must prioritize security patches and updates, even if it means slowing down the deployment of AI systems.

For the AI industry, these breaches highlight the need for a cultural shift towards prioritizing security as much as innovation. As AI systems become more embedded in critical operations, the industry must develop and adopt security best practices tailored to the unique challenges posed by AI frameworks. This includes regular security audits, vulnerability assessments, and the implementation of robust access controls.

The active exploitation of Langflow and the vulnerabilities in LangGraph and LangChain are calls to action for the AI community. Developers and companies must take immediate steps to secure their AI infrastructures by applying the latest patches and reviewing their security protocols.

### What Happens Next

The immediate task for companies using these frameworks is to apply the recommended updates: upgrading langgraph-checkpoint-sqlite to version 3.0.1, langgraph to 1.0.10, and langgraph-checkpoint-redis to 1.0.2. For Langflow, patching CVE-2026-5027 is critical to prevent further exploitation.
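One way to check a deployment against the versions listed above, as an added example that is not from the article or from the LangGraph project. It assumes those versions are the minimum patched releases; the function names and the sample pins are constructed for illustration.

```python
import re
from importlib import metadata

# Versions the article says to upgrade to, treated here as minimum patched
# releases (assumption). Langflow is omitted: the article names no fixed version.
PATCHED = {
    "langgraph-checkpoint-sqlite": (3, 0, 1),
    "langgraph": (1, 0, 10),
    "langgraph-checkpoint-redis": (1, 0, 2),
}

# Constructed sample pins, not taken from any real deployment.
SAMPLE = ["langgraph==1.0.9", "LangGraph_Checkpoint.SQLite==3.0.1",
          "langgraph-checkpoint-redis==1.0.2rc1"]

def parse_version(version):
    """Return (numeric release tuple padded to 3 parts, is_prerelease)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))
    pre = re.match(r"[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", m.group(2), re.I)
    return parts, bool(pre)

def audit_pins(lines):
    """Map package -> (found, required) for exact pins below the patched release."""
    findings = {}
    for line in lines:
        m = re.match(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;=]+)",
                     line.split("#", 1)[0].strip())
        if not m:
            continue  # unpinned, editable or URL requirement: cannot judge from text
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 normalization
        found, need = m.group(2), PATCHED.get(name)
        if need is None:
            continue
        parts, is_pre = parse_version(found)
        # Integer comparison ("1.0.9" < "1.0.10"); a pre-release of the fix still counts as old.
        if parts < need or (parts == need and is_pre):
            findings[name] = (found, ".".join(map(str, need)))
    return findings

def audit_environment():
    """Run the same check on packages installed in the current interpreter."""
    dists = ((d.metadata.get("Name"), d.version) for d in metadata.distributions())
    return audit_pins(f"{n}=={v}" for n, v in dists if n)
```

`audit_pins` accepts `pip freeze` output or the lines of a requirements file; `audit_environment` applies the same check inside a running service's virtualenv or container image.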

Looking forward, this incident should serve as a catalyst for companies to reevaluate their approach to AI deployment, ensuring that security is a foundational component rather than an afterthought. For founders and engineers, this means dedicating resources to security training and adopting a proactive stance on vulnerability management. In doing so, they can not only protect their organizations from potential breaches but also contribute to a more secure AI landscape for all.
