Cyber Web Spider Blog – News

Langflow Vulnerability Exploited for AWS Key Theft

Posted on May 14, 2026 By CWS

Recent analysis reveals that a critical vulnerability in Langflow, identified as CVE-2026-33017, has been exploited by cybercriminals to steal AWS keys and transform systems into nodes of a NATS-based botnet. This incident highlights the risks associated with exposed AI workflow tools and their potential to facilitate large-scale credential theft and cloud exploitation.

Details of the Langflow Exploit

The vulnerability, an unauthenticated remote code execution flaw, was documented in the CISA KEV catalog in March 2026. It allows attackers to execute commands within the Langflow container by targeting a public endpoint without requiring authentication. This results in the exposure of sensitive environment variables, including AWS keys.

In a comprehensive analysis, researchers observed an attacker compromising a Langflow instance and subsequently accessing the victim’s cloud account. Within a brief timeframe, the adversary downloaded a Python worker script and a Go binary, aiming to extend the attack beyond a single host.

Impact and Analysis of the Attack

The tools used, named KeyHunter, systematically harvest API keys from web content and cloud platforms. The exploitation of Langflow not only compromises the service itself but also allows attackers to list cloud resources and misuse AI services like OpenAI and Anthropic, thereby monetizing stolen credentials.

Attempts were made to gain deeper control over the host using vulnerabilities like DirtyPipe and DirtyCred. Although the Go-based worker faced memory issues, the Python variant proved effective for data collection, highlighting the attacker’s adaptability.

Preventive Measures and Recommendations

To mitigate the risk, update Langflow to a version that fixes CVE-2026-33017, since vulnerable instances are easy to scan for and exploit. If an instance has been compromised, immediately rotate every key it could access.
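As an added example (not code from the original article or from the Langflow project), the sketch below builds the rotation list for a suspect instance by inventorying credential-bearing variables in a process environment without printing their values. The variable `BACKUP_TARGET` and all sample values are constructed for illustration; the key prefixes (`AKIA`/`ASIA`, `sk-`, `sk-ant-`) are the publicly documented formats.

```python
import os
import re

# Variable names that conventionally carry cloud or AI-service credentials.
KNOWN_NAMES = {
    "AWS_ACCESS_KEY_ID": "aws-access-key-id",
    "AWS_SECRET_ACCESS_KEY": "aws-secret-key",
    "AWS_SESSION_TOKEN": "aws-session-token",
    "OPENAI_API_KEY": "openai-api-key",
    "ANTHROPIC_API_KEY": "anthropic-api-key",
}
# Value shapes for keys hidden under other names; most specific prefix first.
VALUE_PATTERNS = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("anthropic-api-key", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
    ("openai-api-key", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")),
]
# Constructed sample environment (AWS documentation example keys, not real).
SAMPLE_ENV = {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "OPENAI_API_KEY": "sk-CONSTRUCTED0000000000000000",
    "BACKUP_TARGET": "s3://AKIAIOSFODNN7EXAMPLE:secret@bucket",  # hypothetical
    "LANGFLOW_PORT": "7860",
    "PATH": "/usr/local/bin:/usr/bin",
}

def rotation_inventory(env=None):
    """Return (variable, credential kind, value length) for each secret found."""
    env = os.environ if env is None else env
    findings = []
    for name, value in sorted(env.items()):
        if not value:
            continue
        kind = KNOWN_NAMES.get(name)
        if kind is None:
            # Unknown name: fall back to matching the value's shape.
            kind = next((label for label, pat in VALUE_PATTERNS
                         if pat.search(value)), None)
        if kind:
            # Report only the length so the inventory itself leaks nothing.
            findings.append((name, kind, len(value)))
    return findings

if __name__ == "__main__":
    for row in rotation_inventory(SAMPLE_ENV):
        print(*row)
```

Run it inside the container (or against a captured copy of its environment) and rotate every credential it lists, including keys embedded in connection strings.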

This campaign’s unique feature is its use of a NATS message broker as a command and control channel. By employing this method, attackers manage tasks centrally and maintain a worker pool across different platforms.

Security professionals are advised to monitor for system service changes and suspicious outbound connections, and to block traffic to known NATS and staging hosts. Curtailing outbound communications from AI tools can also prevent unauthorized access to critical services.
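The outbound-connection monitoring described above can be sketched as follows; this is an added example, not code from the original article or the researchers' tooling. It assumes flow records that carry the first bytes sent in each direction, an egress allowlist for the AI workload, NATS's default client port 4222, and the `INFO {...}` / `CONNECT {...}` lines that open a NATS client connection. All addresses and records are constructed.

```python
import re

NATS_DEFAULT_PORT = 4222  # default NATS client port
# Opening line from each side of a NATS client connection.
SERVER_INFO = re.compile(rb"^INFO\s*\{")
CLIENT_CONNECT = re.compile(rb"^CONNECT\s*\{")

# Constructed allowlist and flow records (documentation address ranges).
ALLOWED = {("198.51.100.10", 443)}
SAMPLE_FLOWS = [
    {"dst": "198.51.100.10", "dport": 443, "from_client": b"\x16\x03\x01\x02\x00"},
    {"dst": "203.0.113.7", "dport": 4222,
     "from_server": b'INFO {"server_id":"CONSTRUCTED"}\r\n',
     "from_client": b'CONNECT {"verbose":false}\r\n'},
    {"dst": "203.0.113.8", "dport": 8443,
     "from_server": b'INFO {"server_id":"CONSTRUCTED"}\r\n'},
    {"dst": "203.0.113.9", "dport": 4222},  # metadata only, no payload captured
    {"dst": "203.0.113.20", "dport": 80, "from_client": b"GET /w.py HTTP/1.1\r\n"},
]

def egress_findings(flows, allowed):
    """Flag NATS traffic and any egress outside the workload's allowlist."""
    findings = []
    for flow in flows:
        reasons = []
        if (SERVER_INFO.match(flow.get("from_server", b""))
                or CLIENT_CONNECT.match(flow.get("from_client", b""))):
            # Protocol match catches brokers moved off the default port.
            reasons.append("nats-handshake")
        elif flow["dport"] == NATS_DEFAULT_PORT:
            reasons.append("nats-default-port")
        if (flow["dst"], flow["dport"]) not in allowed:
            reasons.append("not-on-egress-allowlist")
        if reasons:
            findings.append((flow["dst"], flow["dport"], reasons))
    return findings

if __name__ == "__main__":
    for dst, dport, reasons in egress_findings(SAMPLE_FLOWS, ALLOWED):
        print(f"{dst}:{dport} {', '.join(reasons)}")
```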

Tags: AWS, Botnet, cloud security, CVE-2026-33017, Cybersecurity, Langflow, NATS, remote code execution, Sysdig, threat intelligence
