Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Summary
Attackers exploited a critical vulnerability (CVE-2026-33017) in Langflow, an open-source tool for building AI pipelines, within hours of its public disclosure, allowing them to run arbitrary code on unprotected systems without credentials. The flaw stems from an exposed API endpoint that accepts malicious Python code in workflow data and executes it without sandboxing or authentication checks. CISA added it to its Known Exploited Vulnerabilities catalog and urged federal agencies to patch by April 8, 2026.
Solution / Mitigation
Upgrade to a patched version: the vulnerability affects Langflow versions up to (excluding) 1.8.2 and has been fixed in v1.9.0. Additionally, restrict network exposure of vulnerable instances, deploy runtime detection rules for post-exploitation behavior (such as shell commands spawned from the Langflow Python process), monitor for anomalous activity, and treat any instance that was reachable while unpatched as potentially compromised.
Original source: https://www.csoonline.com/article/4151203/attackers-exploit-critical-langflow-rce-within-hours-as-cisa-sounds-alarm.html
First tracked: March 27, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%