Langflow instances are under active attack via CVE-2026-5027 (patch available since April), which enables arbitrary file writes and remote code execution – particularly critical with default authentication and internet accessibility.
The critical vulnerability CVE-2026-50571 with CVSS 9.3 allows attackers to establish VPN sessions without valid passwords and has been actively exploited against organizations worldwide since May.
A stack-based buffer vulnerability in Windows Netlogon is being actively exploited in the wild to compromise domain controllers – patches from May 12, 2026 are required.