Shuyang Wang

**Name of the Vulnerable Software and Affected Versions** Langflow versions prior to 1.7.0 **Description** A chained issue enables account takeover and remote code execution. An overly permissive Cross-Origin Resource Sharing (CORS) configuration, where `allow origins` is set to '*' and `allow credentials` is set to `True`, combined with a refresh token cookie configured as `SameSite=None`, allows a malicious webpage to perform cross-origin requests that include credentials. This allows an attacker-controlled origin to call the refresh endpoint and obtain fresh `access token` and `refresh token` pairs for a victim session. These tokens provide access to authenticated endpoints, including built-in code-execution functionality, allowing the attacker to execute arbitrary code and achieve full system compromise. This issue has been actively exploited in the wild. **Recommendations** Update to a version later than 1.6.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MCP Inspector versions prior to 0.16.6 **Description** The MCP Inspector, a developer tool for testing and debugging MCP servers, is susceptible to a cross-site scripting issue. This issue occurs when connecting to untrusted remote MCP servers with a malicious redirect URI. Exploitation of this issue could allow interaction with the inspector proxy, potentially triggering arbitrary command execution. **Recommendations** Update MCP Inspector to version 0.16.6.