CVE-2026-33017 - Vulnerability Analysis
N/aLast Updated: March 20, 2026
Langflow - Remote Code Execution
Overview
Langflow < 1.9.0 contains an unauthenticated remote code execution caused by use of attacker-controlled flow data passed to exec() without sandboxing in /api/v1/build_public_tmp/{flow_id}/flow endpoint, letting remote attackers execute arbitrary Python code, exploit requires no authentication.
Severity & Score
Impact
Remote attackers can execute arbitrary Python code without authentication, leading to full system compromise.
Mitigation
Update to version 1.9.0 or later.
References
- https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
- https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
- https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
Social Media Activity(4 posts)
Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours Researchers report active exploitation of a critical RCE vulnerability (CVE-2026-33017) in Langflow that allows unauthenticated attackers to execute arbitrary Python code and steal sensitive API keys. The flaw was weaponized within 20 hours of disclosure, targeting exposed AI orchestration pipelines to harvest credentials and environment variables. **If you're running Langflow, this is urgent. Update immediately to version 1.9.0.dev8 or later to patch CVE-2026-33017, and disable the AUTO_LOGIN=true default setting. Until you can update, restrict network access to the vulnerable endpoint, place Langflow behind a reverse proxy with authentication. Regardless if you patch or isolate, make sure to rotate all API keys and credentials the platform uses after isolating.** #cybersecurity #infosec #attack #activeexploit https://beyondmachines.net/event_details/critical-langflow-rce-vulnerability-cve-2026-33017-exploited-within-hours-q-n-c-a-6/gD2P6Ple2L
View original post
Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours Researchers report active exploitation of a critical RCE vulnerability (CVE-2026-33017) in Langflow that allows unauthenticated attackers to execute arbitrary Python code and steal sensitive API keys. The flaw was weaponized within 20 hours of disclosure, targeting exposed AI orchestration pipelines to harvest credentials and environment variables. **If you're running Langflow, this is urgent. Update immediately to version 1.9.0.dev8 or later to patch CVE-2026-33017, and disable the AUTO_LOGIN=true default setting. Until you can update, restrict network access to the vulnerable endpoint, place Langflow behind a reverse proxy with authentication. Regardless if you patch or isolate, make sure to rotate all API keys and credentials the platform uses after isolating.** #cybersecurity #infosec #attack #activeexploit https://beyondmachines.net/event_details/critical-langflow-rce-vulnerability-cve-2026-33017-exploited-within-hours-q-n-c-a-6/gD2P6Ple2L
View original post
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html Short summary: https://hackerworkspace.com/article/critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure #cybersecurity #threatintelligence #vulnerability
View original post
From yesterday. Langflow is "an open-source visual framework for building AI agents and retrieval-augmented generation (RAG) pipelines." Sysdig: CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours More: Infosecurity-Magazine: https://www.infosecurity-magazine.com/news/hackers-exploit-critical-langflow/ #infosec
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-33017
- Severity
- N/a
- Type
- remote_code_execution
- Status
- unconfirmed
- EPSS
- 43.9%
- Social Posts
- 4
CWE
- CWE-94
CVSS Metrics
N/A