A critical security flaw in Langflow has rapidly become a target for exploitation, occurring within 20 hours of its public exposure. This highlights the quick pace at which cybercriminals leverage newly discovered vulnerabilities.
The flaw, identified as CVE-2026-33017 and scoring 9.3 on the CVSS scale, is due to a lack of authentication and code injection issues, potentially leading to remote code execution. Langflow’s advisory notes that the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint permits the creation of public flows without authentication.
Details of the Langflow Security Flaw
The vulnerability manifests when an attacker provides a data parameter allowing control over flow data, which contains arbitrary Python code executed without sandboxing. This affects all versions up to 1.8.1 of the open-source AI platform, with a fix implemented in version 1.9.0.dev8.
Security researcher Aviral Srivastava, who reported the flaw on February 26, 2026, draws a distinction from CVE-2025-3248, another serious Langflow vulnerability. The root cause of CVE-2026-33017 involves an exec() call, similar to CVE-2025-3248, and the flaw arises from its unauthenticated endpoint design.
The Immediate Impact of the Exploit
Exploitation allows attackers to execute arbitrary code with server-level privileges through a single HTTP request. This can lead to unauthorized access to environment variables, data manipulation, and potential backdoor creation.
Srivastava emphasizes the ease of exploiting this vulnerability using a weaponized curl command, requiring just one HTTP POST request with malicious Python code. Cloud security firm Sysdig observed the first exploitation attempts within 20 hours of the advisory’s release on March 17, 2026.
Future Outlook and Security Measures
The rapid exploitation of CVE-2026-33017 reflects a broader trend of shrinking time-to-exploit windows, with Rapid7’s 2026 report indicating a drop in median time from vulnerability publication to exploitation.
Organizations are urged to promptly update to the latest patched version, review environment variables, rotate keys and passwords, and implement network restrictions for Langflow instances. These steps are essential to mitigate risks and protect valuable data from breaches.
The continued targeting of vulnerabilities like CVE-2025-3248 and CVE-2026-33017 underscores the need for robust security measures in AI and open-source tools, as they become increasingly attractive to threat actors.
