2 matches found
CVE-2026-3346
creationtimestamp| type| source ---|---|--- 2026-04-30 22:47:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkqoz2hd4x2v 2026-05-03 21:06:48+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mky2smzu6f2f...
Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw
Summary A stored cross-site scripting XSS vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...