External risk intelligence
Langflow could allow external attackers to take full control of systems.
Langflow could allow external attackers to execute arbitrary code, potentially exposing credentials, customer data, and sensitive files. This vulnerability is being actively exploited in the wild, risking significant operational disruption and loss of service availability.
CVE-2026-33017
Exposure facts
H – Horizon Alert
A security vulnerability exists within Langflow, a platform used for building AI-powered workflows. An endpoint intended for public use improperly handles input, allowing an attacker to execute unauthorized, arbitrary code without requiring any authentication. This is a serious concern because it enables external actors to remotely run commands on the system, which could lead to a full compromise of the application environment.
A – Asset Exposure
This vulnerability affects Langflow, a platform used to build and deploy AI-powered agents and workflows. Because this issue resides within an endpoint specifically designed to support public-facing flows, organizations utilizing this feature are susceptible to access by external attackers. If compromised, an attacker could gain unauthorized control over the server, putting credentials, customer data, and sensitive files at risk, while potentially disrupting operational systems and service availability.
L – Live Threat
This vulnerability is actively exploited in the wild, as confirmed by its inclusion in the CISA Known Exploited Vulnerabilities catalog. Publicly available research documents that attackers have successfully used this flaw to compromise AI pipelines, demonstrating known targeting of the platform. Given these verified risk signals, there is a significant likelihood of impact for organizations utilizing this software.
O – Operational Fix
To secure your environment, please apply the latest security update provided by the vendor. This update resolves the identified issue affecting the public flow building process, effectively closing the potential for unauthorized remote code execution. We recommend prioritizing the deployment of this fix and following the official vendor and CISA guidance for any necessary configuration adjustments. If immediate patching is not possible, please validate your current deployment and follow all established security mandates for this product.
References
- https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
- https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
- https://github.com/langflow-ai/langflow/releases/tag/1.8.2
- https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017
- https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours