Cybercriminals are actively exploiting a major vulnerability in Langflow to deliver a Monero mining malware, raising concerns about the security of artificial intelligence (AI) application endpoints. Known as CVE-2026-33017, this remote code execution (RCE) flaw has a critical severity score of 9.3, making it a prime target for attackers seeking unauthorized access to enterprise networks. The attacks were detected over a period of 19 days from March 27 to April 15, 2026.
Exploitation of Langflow Vulnerability
Researchers from Trend Micro, Simon Dulude and John Zhang, highlighted in a recent report that attackers are leveraging a single line of Python code executed via an unauthenticated API endpoint in Langflow. This method downloads a shell script, which then retrieves and runs a mining binary. The malware is designed to eliminate competing mining processes, remove competing wallet and key materials, and disable several host security controls. It further establishes persistence using cron jobs and attempts to spread by accessing other systems with reused SSH keys.
The malware employs a Python script to execute a remotely hosted shell script, which acts as a dropper. This dropper checks for the presence of a specific binary, “lambsys,” before downloading and executing it on the host machine. The binary, developed in Go, disables various security measures, including AppArmor, iptables, SELinux, and others, to ensure the mining operation continues unhindered.
Malware Capabilities and Evasion Techniques
Beyond its core functionality, the malware erases system logs and modifies file attributes to obscure its presence. It specifically targets files such as “~/.ssh/authorized_keys” and “/etc/crontab” to make changes before restoring their immutable attributes. By setting the “chattr +i” attribute, it prevents modification or deletion by users, including administrators.
In its final stages, the malware downloads a custom XMRig miner from a remote server and erases the TAR file post-extraction. It also connects to ipinfo.io to acquire the host’s public IP address and location, which aids in optimizing the mining operation based on geographical proximity to mining pools and implementing geo-fencing strategies.
Implications for AI Security
Trend Micro’s findings underscore the growing threat of cryptojacking campaigns targeting AI application infrastructures. The current campaign reflects a two-year evolution of the malware family, as evidenced by artifacts dating back to May 2024. Similar vulnerabilities, such as CVE-2025-3248, have been exploited in the past, indicating a persistent threat landscape.
The exploitation of Langflow vulnerabilities highlights the importance of securing AI endpoints to prevent unauthorized access and resource hijacking. As threat actors continue to refine their tactics, organizations must enhance their security measures to protect against these sophisticated attacks.
In conclusion, while the Monero mining payloads are not new, the exploitation of AI application vulnerabilities presents a novel and concerning method of infiltration. Enterprises leveraging AI technologies should prioritize vulnerability management and implement robust security protocols to safeguard their networks against such threats.
