Critical Langflow Vulnerability Exploited Hours After Public Disclosure
securityweek
Threat actors started exploiting a critical Langflow vulnerability roughly 20 hours after public disclosure, Sysdig reports.
Langflow is a popular open source framework for creating and deploying AI agents and workflows using a visual builder interface, with over 145,000 GitHub stars and more than 8,000 forks.
On March 17, Langflow version 1.8.1 was released with patches for a critical vulnerability leading to unauthenticated remote code execution (RCE).
Tracked as CVE-2026-33017 (CVSS score of 9.3), the issue affects a POST endpoint that lets developers create public flows without authentication.
Because of the bug, when the optional ‘data’ parameter is supplied, the endpoint builds the flow from the request body, whose node definitions can contain attacker-supplied Python code, instead of from the flow data stored in the database.
That code is executed without sandboxing, yielding unauthenticated RCE. According to Sysdig, a single ...
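To make the bug class concrete, the following is an added illustration (not Langflow's code, and not the endpoint or schema Langflow actually uses): an unauthenticated handler that lets an optional request field replace server-side flow data before the nodes are executed, beside a hardened variant that refuses request-supplied definitions on that path, plus a pre-execution check that lists nodes carrying code. The node schema (`nodes` list with `id` and `code` keys), the in-memory "database", the handler names and the sample request body are all assumptions made for this example.

```python
"""Hypothetical illustration of the bug class: an unauthenticated endpoint
whose optional 'data' field overrides stored flow data that is then executed.
Not Langflow's code; the schema, names and sample data below are assumed."""

# Constructed stand-in for the database of server-side flow definitions.
STORED_FLOWS = {
    "flow-1": {"nodes": [{"id": "n1", "code": "result = 2 + 2"}]},
}

# Constructed sample request body: 'data' carries a node whose code the
# attacker controls. A benign marker assignment stands in for real payloads.
ATTACKER_BODY = {
    "data": {"nodes": [{"id": "evil", "code": "marker = 'attacker'"}]},
}


def _execute_nodes(nodes):
    """Run each node's 'code' with exec(), i.e. with no sandbox (the assumed
    execution model). Returns the resulting namespace for inspection."""
    namespace = {}
    for node in nodes:
        exec(node["code"], {}, namespace)
    return namespace


def create_public_flow_vulnerable(flow_id, body):
    """Vulnerable pattern: if the optional 'data' field is present, the
    request body replaces the stored flow, so unauthenticated callers decide
    which Python code gets executed."""
    flow = body.get("data") or STORED_FLOWS[flow_id]
    return _execute_nodes(flow["nodes"])


def create_public_flow_hardened(flow_id, body):
    """Hardened pattern: the unauthenticated path never executes
    request-supplied node definitions; it only references stored flows."""
    if "data" in body:
        raise PermissionError(
            "'data' override is not accepted on the unauthenticated endpoint"
        )
    flow = STORED_FLOWS[flow_id]  # KeyError for unknown flows
    return _execute_nodes(flow["nodes"])


def nodes_with_code(body):
    """Pre-execution check: return ids of nodes in the request's 'data' field
    that carry a 'code' string, for logging or rejection before anything runs."""
    data = body.get("data") or {}
    return [
        node.get("id")
        for node in data.get("nodes", [])
        if isinstance(node.get("code"), str)
    ]


if __name__ == "__main__":
    print("vulnerable, no data:", create_public_flow_vulnerable("flow-1", {}))
    print("vulnerable, attacker data:",
          create_public_flow_vulnerable("flow-1", ATTACKER_BODY))
    print("hardened, no data:", create_public_flow_hardened("flow-1", {}))
    print("nodes with code in attacker body:", nodes_with_code(ATTACKER_BODY))
```

The design point is that the fix is not input filtering of the code strings but removing the override: an endpoint reachable without authentication must resolve the flow from server-side state, and anything it executes must come from that state, not from the request.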
Copyright of this story belongs to securityweek.

