Critical Langflow RCE Vulnerability Exploited Within 20 Hours

Critical Langflow RCE Vulnerability Exploited Within 20 Hours

First seen 20 Mar 2026, 23:42 UTC CvefeedScmagazineRadar.OffseqScworldCcb.Belgium.Be+9 82% similarity 72.8

Article Content

Browse articles
ThreatCluster

A critical vulnerability in Langflow, tracked as CVE-2026-33017, allows unauthenticated remote code execution (RCE) via the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. This flaw was exploited within 20 hours of its disclosure on March 20, 2026, with the first successful data exfiltration occurring shortly after 25 hours. Attackers can send crafted HTTP requests containing arbitrary Python code that executes server-side without sandboxing. The vulnerability affects users of Langflow, a popular open-source framework for building AI workflows, which has over 145,000 stars on GitHub. Sysdig reported that attackers are leveraging this vulnerability to pivot into connected AI pipelines, potentially harvesting sensitive API keys and database credentials. The CVSS score for this vulnerability is 9.3, indicating its critical nature. The issue was patched in version 1.9.0 of Langflow. No public exploits were reported prior to the vulnerability's disclosure, but exploitation attempts were quickly observed. Organizations using Langflow are at risk of significant data loss and system compromise.

Key Points: • CVE-2026-33017 allows unauthenticated RCE in Langflow, affecting public flow builds. • Exploitation attempts were detected within 20 hours of the vulnerability's disclosure. • The vulnerability has a CVSS score of 9.3, indicating a critical threat level.

ThreatCluster AI

Timeline

2025-04-07
CVE-2025-3248 published
2026-03-18
First exploitation attempts detected by Sysdig
2026-03-20
CVE-2026-33017 published
2026-03-21
Langflow vulnerability reported in multiple news articles

Community

Browse all →