CVE Exploit Alert: CVE-2026-33017 | CRITICAL | CVSS 9.3 | Langflow


🔴 CRITICAL

Severity Overview

  • CVSS Base Score: 9.3
  • Severity: CRITICAL
  • CVSS Version: 4.0
  • Priority: Critical priority

Summary

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint builds public flows without requiring authentication, which is by design. The flaw is that when the optional data parameter is supplied in the request body, the endpoint builds from that attacker-controlled flow data (whose node definitions can carry arbitrary Python code) instead of the flow stored in the database. That code is passed to exec() with no sandboxing, so an unauthenticated attacker who can reach the endpoint gets remote code execution on the Langflow host. This is distinct from CVE-2025-3248, which was fixed by adding authentication to /api/v1/validate/code; here the endpoint is meant to be reachable without authentication (for public flows) but incorrectly accepts attacker-supplied flow data containing executable code. The issue is fixed in version 1.9.0.
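The following is an added example, not Langflow's code and not taken from the advisory. It models the flaw described above in a few lines: a stored-flow lookup, an unsandboxed exec() of each node's code, and two hypothetical handlers for the endpoint, one that mirrors the pre-1.9.0 behaviour (a client-supplied data body replaces the stored flow) and one hardened variant. The hardened variant refuses any client-supplied body on the unauthenticated public-build path; that is one reasonable fix chosen for illustration, not a description of the upstream patch. FLOW_DB, run_nodes, build_public_flow_vulnerable, build_public_flow_fixed and the flat node layout ({"id", "code"}) are all assumptions for this example, not Langflow's schema or function names.

```python
# Added example, not Langflow's code: a minimal model of the flaw in the summary.
# Assumptions (hypothetical names, not Langflow's): FLOW_DB stands in for the
# stored-flow database, each node is a dict with a "code" string, and the two
# handlers below model the endpoint before and after a fix.

FLOW_DB = {
    # Constructed sample: one public flow whose single node just produces a greeting.
    "c4b7a3f2-6c1e-4d2b-9f0a-8e5d1b3a7c90": {
        "public": True,
        "nodes": [{"id": "greet-1", "code": "result = 'hello from stored flow'"}],
    },
}


def run_nodes(flow):
    """Execute each node's code in a fresh namespace and return the last 'result'.

    This is the dangerous primitive: exec() of whatever string sits in the node
    definition, with no sandbox, which is what the advisory describes.
    """
    result = None
    for node in flow["nodes"]:
        namespace = {}
        exec(node["code"], namespace)  # unsandboxed; trusts the node's code string
        result = namespace.get("result", result)
    return result


def build_public_flow_vulnerable(flow_id, data=None):
    """Pre-1.9.0 style behaviour: no authentication, and an optional 'data'
    body takes precedence over the stored flow.

    Note that the 'public' check below is useless in the data-supplied case:
    the attacker controls the object being checked.
    """
    flow = data if data is not None else FLOW_DB[flow_id]
    if not flow.get("public"):
        raise PermissionError("flow is not public")
    return run_nodes(flow)


def build_public_flow_fixed(flow_id, data=None):
    """Hardened variant (an illustrative fix, not a claim about the upstream patch):
    the unauthenticated public-build path executes only the stored flow and
    refuses a client-supplied body outright."""
    if data is not None:
        raise PermissionError(
            "client-supplied flow data is not accepted on the public build endpoint"
        )
    flow = FLOW_DB[flow_id]
    if not flow.get("public"):
        raise PermissionError("flow is not public")
    return run_nodes(flow)


# Constructed attacker body. A real payload would spawn a shell or read
# secrets; here the node code only sets a marker so the example is safe to run.
ATTACKER_DATA = {
    "public": True,
    "nodes": [{"id": "evil-1", "code": "result = 'attacker code executed'"}],
}

if __name__ == "__main__":
    fid = next(iter(FLOW_DB))
    print(build_public_flow_vulnerable(fid, ATTACKER_DATA))  # attacker's code runs
    print(build_public_flow_fixed(fid))                       # stored flow only
    try:
        build_public_flow_fixed(fid, ATTACKER_DATA)
    except PermissionError as exc:
        print("rejected:", exc)
```

The point the example makes is that checking properties of the flow (such as whether it is public) cannot substitute for deciding whose flow definition is executed: once the unauthenticated caller supplies the definition, every check on it is attacker-controlled too.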

Analyst Takeaway

This vulnerability is already in CISA KEV, which means exploitation has been observed in the wild and the issue should be treated as active risk rather than theoretical exposure. The CVSS score places it in critical territory, so internet-facing Langflow instances below 1.9.0 and any instance on a high-value network segment should be prioritized for immediate upgrade or compensating controls (at minimum, removing unauthenticated network reachability of the endpoint). In parallel with patching, defenders should review external exposure, hunt for signs of exploitation, and confirm that compensating controls are actually in place for assets that cannot be patched yet.

MITRE ATT&CK Mapping

No automated mapping was derived, but the vulnerability context supports a straightforward analyst mapping: T1190 (Exploit Public-Facing Application) for the unauthenticated request to the exposed endpoint, and T1059.006 (Command and Scripting Interpreter: Python) for the exec() of attacker-supplied Python in the node definitions.

Detection Guidance

The advisory does not ship detection content, but its description supports concrete hunt leads. On instances below 1.9.0, review reverse-proxy or application access logs for POST requests to /api/v1/build_public_tmp/{flow_id}/flow, especially from untrusted source addresses or in bursts against many flow_ids. Because the endpoint is legitimately unauthenticated for public flows, a hit is a lead rather than a verdict: the distinguishing feature is a request body carrying a data object with node code, which only a WAF or proxy with request-body capture will show. Corroborate with host telemetry from the Langflow process (unexpected child processes, new outbound connections, modified files). Beyond that, organizations should rely on vendor advisories and vulnerability scanning for affected versions.
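The following is an added detection example, not from the advisory, the vendor or CISA. It runs on constructed inputs: common-log-format access lines as a reverse proxy writes them, and a JSON request body of the kind a WAF with body logging would capture. It flags POSTs to the endpoint path named in the summary, tests whether a body supplies a data object whose node definitions carry code, and checks an installed version against 1.9.0. The nested body layout used in the sample (nodes with a template whose code entry has a value) is an assumption for illustration, not Langflow's exact flow schema; the recursive walk is written so it does not depend on that nesting. All function names are the example's own.

```python
# Added detection example, not from the advisory or from Langflow. Inputs are
# constructed: (1) reverse-proxy access log lines in the common log format,
# (2) a JSON request body as a WAF or proxy with body logging would capture it.
# The body layout is an assumption for illustration, not Langflow's exact schema.
import json
import re

# Path from the advisory; the flow_id segment is matched loosely so that UUIDs
# and any other id form are caught, and a query string is tolerated.
PUBLIC_BUILD_PATH = re.compile(r"^/api/v1/build_public_tmp/([^/?#]+)/flow/?(?:\?.*)?$")

# Common log format: host ident user [time] "method path proto" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

FIXED_VERSION = (1, 9, 0)


def parse_clf(line):
    """Return the fields of a common-log-format line as a dict, or None if it doesn't parse."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def flag_public_build_requests(lines):
    """Return (ip, flow_id, status, time) for every POST to the public build endpoint.

    Every hit is a hunt lead, not proof of exploitation: legitimate public-flow
    builds use the same path. Correlate with captured request bodies (see
    body_carries_node_code) and with unexpected child processes or outbound
    connections from the Langflow host.
    """
    hits = []
    for line in lines:
        rec = parse_clf(line)
        if not rec or rec["method"] != "POST":
            continue
        m = PUBLIC_BUILD_PATH.match(rec["path"])
        if m:
            hits.append((rec["ip"], m.group(1), int(rec["status"]), rec["time"]))
    return hits


def body_carries_node_code(body):
    """True if a JSON body supplies a 'data' object in which some node carries a
    non-empty 'code' string (directly, or as {"code": {"value": "..."}}).

    On an unauthenticated public-build request that is the condition the
    advisory describes. The walk is recursive, so it does not depend on the
    exact nesting of the flow JSON.
    """
    try:
        obj = json.loads(body) if isinstance(body, (str, bytes)) else body
    except ValueError:
        return False
    data = obj.get("data") if isinstance(obj, dict) else None
    if data is None:
        return False

    def walk(node):
        if isinstance(node, dict):
            code = node.get("code")
            if isinstance(code, dict):
                code = code.get("value")
            if isinstance(code, str) and code.strip():
                return True
            return any(walk(v) for v in node.values())
        if isinstance(node, list):
            return any(walk(v) for v in node)
        return False

    return walk(data)


def is_vulnerable_version(version):
    """True for Langflow versions below 1.9.0. Only the numeric major.minor.patch
    is compared; pre-release suffixes such as 'rc1' are ignored."""
    nums = []
    for part in version.split(".")[:3]:
        digits = re.match(r"\d+", part)
        nums.append(int(digits.group()) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums) < FIXED_VERSION


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2026:10:14:03 +0000] "POST /api/v1/build_public_tmp/c4b7a3f2-6c1e-4d2b-9f0a-8e5d1b3a7c90/flow HTTP/1.1" 200 512',
    '198.51.100.4 - - [25/Mar/2026:10:14:09 +0000] "GET /api/v1/flows/ HTTP/1.1" 401 33',
    '203.0.113.7 - - [25/Mar/2026:10:15:41 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 41',
    "garbage line that should not parse",
]

# Constructed request body of the kind the advisory describes: a 'data' object
# whose node definition carries Python source (harmless here, never executed).
SAMPLE_BODY = json.dumps({
    "data": {"nodes": [{"id": "n1", "data": {"node": {"template": {
        "code": {"value": "import os\nprint(os.getcwd())"}}}}}]}
})

if __name__ == "__main__":
    for hit in flag_public_build_requests(SAMPLE_LOG):
        print("public build request:", hit)
    print("body supplies node code:", body_carries_node_code(SAMPLE_BODY))
    print("1.8.1 vulnerable:", is_vulnerable_version("1.8.1"))
```

In practice the access-log matcher runs over the proxy logs for the exposure window (from whenever the instance was first reachable, not only since the KEV entry date), and each flagged source is then checked against body captures and host telemetry.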

Key Details

  • CVE: CVE-2026-33017
  • Vendor: Langflow
  • Product: Langflow
  • CWE: CWE-94
  • Date Added to CISA KEV: 2026-03-25
  • CISA Due Date: 2026-04-08
  • Known Ransomware Campaign Use: Unknown

Technical Severity Details

  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Why This Matters

This vulnerability is included in CISA’s Known Exploited Vulnerabilities catalog, which means exploitation has been observed in the wild. Based on the available NVD scoring, this issue should be treated as critical priority.

Recommended Action

Upgrade Langflow to version 1.9.0 or later, which is the vendor's fix. Until that is done, remove unauthenticated network reachability of the instance (or at least of the /api/v1/build_public_tmp/{flow_id}/flow path) at the proxy or firewall. Otherwise apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

  • https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  • https://nvd.nist.gov/vuln/detail/CVE-2026-33017
