Threat actors are actively exploiting a high-severity, unpatched path traversal vulnerability in Langflow, a popular low-code AI development platform, that allows remote code execution. The vulnerability, tracked as CVE-2026-5027, is particularly dangerous because Langflow enables auto-login by default: attackers can exploit the flaw without credentials, simply by sending an unauthenticated request to obtain a session token. With approximately 7,000 Langflow instances exposed to the internet, the attack surface is significant, and security researchers warn that this represents a growing trend of hackers targeting the infrastructure used to build and deploy AI applications.