CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 8, 2026
Description
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
EPSS — Exploit Probability
Higher than 90.3% of all CVEs
Required Action
https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx ; https://nvd.nist.gov/vuln/detail/CVE-2026-33017
Related Articles (6)
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
Mar 20, 2026
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
Mar 20, 2026
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.
Mar 23, 2026
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 25, 2026
CISA: New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.
Mar 26, 2026
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
Mar 27, 2026
Risk Assessment
ELEVATED
- Severity: High
- EPSS: 5.7%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 6
Timeline
- Published: Mar 25, 2026
- Added to KEV: Mar 25, 2026
- Remediation Due: Apr 8, 2026