CISA: New Langflow flaw actively exploited to hijack AI workflows

News

Featured
Latest

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

HackerOne discloses employee data breach after Navia hack

Firefox now has a free built-in VPN with 50GB monthly data limit

Infinite Campus warns of breach after ShinyHunters claims data theft

Ajax football club hack exposed fan data, enabled ticket hijack

CISA: New Langflow flaw actively exploited to hijack AI workflows

Edit, convert, and sign PDFs without switching apps for just $40

UK sanctions Xinbi marketplace linked to Asian scam centers

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityCISA: New Langflow flaw actively exploited to hijack AI workflows

CISA: New Langflow flaw actively exploited to hijack AI workflows

By Bill Toulas

March 26, 2026
03:17 PM
0

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.
The security issue received a critical score of 9.3 out of 10 and can be leveraged for remote code execution, allowing threat actors to build public flows without authentication.
The agency added the issue to the list of Known Exploited Vulnerabilities, describing it as a code injection vulnerability.
Researchers at application security company Endor Labs claim that hackers started exploiting CVE-2026-33017 on March 19, about 20 hours after the vulnerability advisory became public.
No public proof-of-concept (PoC) exploit code existed at the time, and Endor Labs believes that attackers built exploits directly from the information included in the advisory.
Automated scanning activity began in 20 hours, followed by exploitation using Python scripts in 21 hours, and data (.env and .db files) harvesting in 24 hours.
Langflow is a popular open-source visual framework for building AI workflows with 145,000 stars on GitHub. It provides a drag-and-drop interface for connecting nodes into executable pipelines, along with a REST API for running them programmatically.
The tool has widespread adoption across the AI development ecosystem, making it an attractive target for hackers.
In May 2025, CISA issued another warning about active exploitation in Langflow, targeting CVE-2025-3248, a critical API endpoint flaw that allows unauthenticated RCE and potentially leads to full server control.
The most recent flaw, CVE-2026-33017, lets attackers execute arbitrary Python code impacts versions 1.8.1 and earlier of Langflow, and could be exploited via a single crafted HTTP request due to unsandboxed flow execution.
CISA did not mark the flaw as exploited by ransomware actors, but gave federal agencies until April 8 to apply the security updates or mitigations, or stop using the product.
System administrators are recommended to upgrade to Langflow version 1.9.0 or later, which addresses the security problem, or disable/restrict the vulnerable endpoint.
Endor Labs also advised not to expose Langflow directly to the internet, to monitor outbound traffic, and to rotate API keys, database credentials, and cloud secrets when suspicious activity is detected.
CISA’s deadline formally applies to organizations covered by Binding Operational Directive (BOD) 22-01, but private sector companies, state and local governments, and other non-FCEB entities are also advised to treat it as a benchmark and respond accordingly.

Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Download The Report

Related Articles:
CISA: BeyondTrust RCE flaw now exploited in ransomware attacksCISA gives feds 3 days to patch actively exploited BeyondTrust flawCISA orders feds to patch max-severity Cisco flaw by SundayCritical Microsoft SharePoint flaw now exploited in attacksCISA orders feds to patch n8n RCE flaw exploited in attacks

Actively Exploited
AI
Artificial Intelligence
CISA
Langflow
RCE
Remote Code Execution
Vulnerability

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

New KB5085516 emergency update fixes Microsoft account sign-in

Crunchyroll probes breach after hacker claims to steal 6.8M users' data

Sponsor Posts

Are your AI accounts being sold on the dark web? Check for free. 

Overdue a password health-check? Audit your Active Directory for free

AI is a data-breach time bomb: Read the new report

Synthetic Identities, Proxies & Real Identities for Sale, is yours next?

Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast.

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

CISA has issued a critical warning regarding the active exploitation of a vulnerability, CVE-2026-33017, within the Langflow framework, a popular open-source tool for constructing AI workflows. This vulnerability, assessed with a 9.3/10 severity score, enables remote code execution (RCE) without authentication, making it an attractive target for malicious actors. The Cybersecurity and Infrastructure Security Agency (CISA) has designated this as a “Known Exploited Vulnerability,” and the issue was identified by application security company Endor Labs.

Within 20 hours of the vulnerability’s advisory publication, attackers began to leverage CVE-2026-33017. Notably, Endor Labs reported that the attackers bypassed the need for Proof-of-Concept (PoC) code, constructing exploits directly from the information provided in the CISA advisory. The exploitation process involved automated scanning, followed by the deployment of Python scripts for initial engagement and, subsequently, the harvesting of sensitive data, including `.env` and `.db` files. This rapid response highlights the urgency of addressing the vulnerability.

Langflow, boasting 145,000 stars on GitHub, is widely adopted within the AI development ecosystem, utilizing a drag-and-drop interface to connect nodes into executable pipelines and a REST API for programmatic execution. The framework's widespread use dramatically increased its attractiveness as a target. This situation echoes a prior CISA warning in May 2025, concerning another active exploit, CVE-2025-3248, a critical API endpoint flaw also allowing unauthenticated RCE.

The current vulnerability, CVE-2026-33017, specifically impacts versions 1.8.1 and earlier of Langflow, allowing attackers to inject and execute arbitrary Python code. The vulnerability’s simplicity—exploitable via a single crafted HTTP request—signifies a potentially substantial risk. CISA has set a deadline for federal agencies to implement security updates or mitigations, or cease using the product, by April 8th, 2026.

System administrators are advised to upgrade to Langflow version 1.9.0 or later, which contains the necessary remediation. Alternatively, disabling or restricting the vulnerable endpoint is recommended. Endor Labs’ recommendations extend to mitigating additional risks, including preventing direct internet exposure of Langflow, establishing continuous monitoring of outbound traffic, and proactively rotating API keys, database credentials, and cloud secrets in response to any suspicious activity. CISA’s directives apply to organizations subject to Binding Operational Directive (BOD) 22-01, but the guidance is broadly applicable across the sector, serving as a benchmark for responsible action.

The rapid exploitation timeline emphasizes the need for immediate vigilance and proactive security measures within organizations utilizing Langflow.