PT-2026-25992 · Langflow Ai+1 · Langflow
Aviral2642
·
Published
2026-03-17
·
Updated
2026-03-20
·
CVE-2026-33017
CVSS v4.0
9.3
Critical
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
A critical vulnerability in the Langflow framework was exploited within hours of being made public, raising significant cybersecurity concerns.
Key Points:
- Langflow, an open source framework, faces a critical vulnerability enabling unauthenticated remote code execution.
- The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, allows attackers to inject and execute Python code.
- Exploitation attempts emerged within 48 hours from multiple unique IPs, indicating a coordinated attack.
- Attackers have exploited this vulnerability to steal sensitive keys and credentials, potentially leading to supply chain attacks.
The recently disclosed vulnerability in the Langflow framework poses serious security concerns, as it allows for unauthenticated remote code execution through a weak endpoint. Detailed in an advisory, the flaw enables attackers to provide their own code via a POST request, which is then executed without proper security measures in place. The lack of public proof of concept (PoC) at the time of exploitation highlights the effectiveness of the attack methodology, as attackers were able to exploit the known weaknesses without requiring further research.
Within just hours of the vulnerability's disclosure, Sysdig noticed multiple exploitation attempts from different IP addresses. The initial phase appeared to involve mass scanning from a few sources, likely utilizing automated tools to find potential targets. Following this, the attacks proceeded into more focused reconnaissance efforts, suggesting that the attackers had already prepared their infrastructure and were primed for action as soon as the vulnerability became public. Data exfiltration from compromised systems has been reported, with a clear chain leading back to a command-and-control server, raising alarms over the possibility of more extensive supply chain exploitation as attackers seek to leverage these vulnerabilities for broader attacks.
What measures should organizations implement to protect against such rapid exploitation of newly disclosed vulnerabilities?
Learn More: Security Week
Want to stay updated on the latest cyber threats?
Fix
RCE
Eval Injection
Code Injection
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Langflow