CVE-2026-33017

9 documents, 9 sources
CVSS: 9.3 (CRITICAL)
EPSS: 5.7% (90th percentile)
CISA KEV: listed
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages (2 packages)

NVD: langflow/langflow < 1.8.2
PyPI: langflow 1.8.1
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthe...

🔴 Vulnerability Details (4)

CVEList: Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint (2026-03-20)
OSV: Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint (2026-03-17)
GHSA: Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint (2026-03-17)
VulnCheck: Langflow Code Injection Vulnerability (2026)

📋 Vendor Advisories (1)

CISA: Langflow Code Injection Vulnerability (2026-03-25)

🕵️ Threat Intelligence (3)

Bleepingcomputer: CISA: New Langflow flaw actively exploited to hijack AI workflows (2026-03-26)
Hackernews: Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure (2026-03-20)
Blog: Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure (2026-03-20)