BREAKING
Langflow RCE CVE-2026-33017 Exploited
0
CVSS score
0h
to exploitation
0
GitHub stars
One HTTP Request to Code Exec
1Hit public build endpoint
2Inject Python in flow JSON
3Passed to exec() unsandboxed
4Code runs on server
Payload: Lambsys Monero Miner
Affected 1.8.2, Fixed in 1.9.0
AffectedRisk
1.8.2 and earlier
Now on CISA KEV list
Exposed instances at risk
MitigateFix
Update to 1.9.0+
Avoid internet exposure
Add WAF and auth
Patch Langflow Promptly
AI NEWS BLITZ
A critical Langflow flaw is being exploited to deploy a Monero miner.