Langflow instances are under active attack via CVE-2026-5027 (patch available since April), which enables arbitrary file writes and remote code execution – particularly critical with default authentication and internet accessibility.