CVE-2026-21445 is a critical Langflow authentication bypass now actively exploited. Attackers can access AI workflows, user data, and transaction history without login.
Following the recent confirmation of the Vercel breach, where threat actors claimed to be actively selling stolen corporate data, Hudson Rock has identified the likely point of origin. Our cybercrime intelligence indicates that a very recent infostealer infection of an employee at a third-party vendor likely resulted in this massive supply chain escalation.
