Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A newly disclosed critical vulnerability in the open-source AI platform Langflow has already been actively exploited within just 20 hours of its public announcement, demonstrating how quickly attackers weaponize newly discovered security flaws.

The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, is caused by a combination of missing authentication and unsafe code execution. It allows attackers to remotely execute arbitrary code on affected systems without requiring any login credentials.

How the Vulnerability Works

The flaw exists in a specific API endpoint:

POST /api/v1/build_public_tmp/{flow_id}/flow

This endpoint allows users to build public flows, but it fails to enforce proper authentication. When attackers supply a specially crafted data parameter, the system processes attacker-controlled Python code directly. This code is executed using the exec() function without any sandboxing or security restrictions.

This design flaw enables unauthenticated remote code execution (RCE), giving attackers full control over vulnerable systems.

Scope and Impact of the Vulnerability

The issue affects all Langflow versions up to and including 1.8.1. A fix has been introduced in the development release version 1.9.0.dev8.

Security researcher Aviral Srivastava, who discovered the flaw, explained that it shares similarities with another critical vulnerability, CVE-2025-3248, which also enabled code execution through a different endpoint. That older flaw has already been actively exploited in the wild, according to the Cybersecurity and Infrastructure Security Agency.

Fast Weaponization by Threat Actors

What makes this vulnerability particularly dangerous is the speed at which it was exploited. Security researchers from Sysdig observed real-world attack attempts within 20 hours of the advisory being released.

Even more concerning, attackers did not wait for proof-of-concept code to become publicly available. Instead, they created their own exploits directly from the technical details disclosed in the advisory.

These attacks involved scanning the internet for vulnerable Langflow instances and extracting sensitive data such as credentials, keys, and database access information.

Advanced Exploitation Techniques Observed

Attackers have been seen using automated scanning tools initially, followed by custom Python scripts to deepen access into compromised systems. Their activities included:

  • Extracting system files such as /etc/passwd
  • Accessing environment variables and configuration files
  • Harvesting .env files containing secrets
  • Downloading additional payloads from remote servers

A malicious payload was observed being delivered from the IP address 173.212.205.251:8443, indicating a coordinated attack operation.

This behavior suggests that attackers had a pre-built toolkit ready for immediate deployment after identifying vulnerable systems.

Rising Trend of Rapid Exploitation

Security experts warn that this incident reflects a broader trend where the time between vulnerability disclosure and active exploitation is shrinking dramatically.

According to industry research, the time it takes attackers to weaponize vulnerabilities has dropped from months in the past to just a few hours today. This creates a serious challenge for defenders, as organizations often take weeks to deploy patches.




Found this article interesting? Follow us on  X (Twitter) FacebookBlue sky and LinkedIn to read more exclusive content we post.