GoKawiilThe Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.
The security issue received a critical score of 9.3 out of 10 and can be leveraged for remote code execution, allowing threat actors to build public flows without authentication.
The agency added the issue to the list of Known Exploited Vulnerabilities, describing it as a code injection vulnerability.
Researchers at application security company Endor Labs claim that hackers started exploiting CVE-2026-33017 on March 19, about 20 hours after the vulnerability advisory became public.
No public proof-of-concept (PoC) exploit code existed at the time, and Endor Labs believes that attackers built exploits directly from the information included in the advisory.
Automated scanning activity began in 20 hours, followed by exploitation using Python scripts in 21 hours, and data (.env and .db files) harvesting in 24 hours.
Langflow is a popular open-source visual framework for building AI workflows with 145,000 stars on GitHub. It provides a drag-and-drop interface for connecting nodes into executable pipelines, along with a REST API for running them programmatically.
The tool has widespread adoption across the AI development ecosystem, making it an attractive target for hackers.
In May 2025, CISA issued another warning about active exploitation in Langflow, targeting CVE-2025-3248, a critical API endpoint flaw that allows unauthenticated RCE and potentially leads to full server control.
The most recent flaw, CVE-2026-33017, lets attackers execute arbitrary Python code impacts versions 1.8.1 and earlier of Langflow, and could be exploited via a single crafted HTTP request due to unsandboxed flow execution.
... continue reading