BREAKING
Langflow RCE CVE-2026-33017 Exploited
One HTTP Request to Code Exec
1. Hit public build endpoint
2. Inject Python in flow JSON
3. Passed to exec() unsandboxed
4. Code runs on server
Payload: Lambsys Monero Miner
Affected 1.8.2, Fixed in 1.9.0
Affected / Risk:
● 1.8.2 and earlier
● Now on CISA KEV list
● Exposed instances at risk
Mitigate / Fix:
● Update to 1.9.0+
● Avoid internet exposure
● Add WAF and auth
Patch Langflow Promptly
AI NEWS BLITZ
A critical Langflow flaw is being exploited to deploy a Monero miner.