Langflow: CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks

Critical Langflow Vulnerability Exploited in the Wild, CISA Issues Urgent Warning

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-33017, a severe code-injection vulnerability in Langflow, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. The flaw allows unauthenticated attackers to execute arbitrary code on affected systems, posing a significant risk to organizations using the framework.

Langflow, a popular visual framework for building large language model (LLM) applications, is widely deployed in development pipelines. The vulnerability stems from improper code generation controls (CWE-94), insecure evaluation of injected directives (CWE-95), and a complete lack of authentication for critical functions (CWE-306). Attackers can exploit these weaknesses to bypass security checks, inject malicious scripts, and gain control of the application environment, all without credentials.
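The three weakness classes named above combine into one pattern: a request handler that turns caller-supplied text into executable code (CWE-94/CWE-95) and can be reached without any credential (CWE-306). The following is an added illustration, not Langflow's code and not derived from the CVE's details, which the advisory does not publish. It shows that pattern in a generic handler beside a hardened version, plus a small AST scanner a reviewer can run over a code base to list dynamic-evaluation calls. All names (`vulnerable_handler`, `hardened_handler`, `ALLOWED_OPS`, `API_TOKEN`, `find_dynamic_eval`) and the sample source are constructed for this example.

```python
import ast
import hmac
import operator

# Constructed sample credential for the hardened handler (not a real secret).
API_TOKEN = "example-token-not-a-real-secret"


class AuthError(Exception):
    """Raised when a request carries no valid credential (CWE-306 check)."""


class ValidationError(Exception):
    """Raised when the request does not match the allowed schema."""


def vulnerable_handler(request: dict) -> dict:
    """Illustrative anti-pattern only: caller-supplied text is evaluated as
    Python with no authentication check. This is the CWE-94/95 + CWE-306
    shape the advisory describes, shown so the hardened form can be compared."""
    code = request.get("code", "")
    return {"result": eval(code)}  # noqa: S307 - the defect being illustrated


# Hardened form: the caller names one of a fixed set of operations; no text
# from the request is ever compiled or evaluated.
ALLOWED_OPS = {"add": operator.add, "mul": operator.mul}


def hardened_handler(request: dict, headers: dict) -> dict:
    # CWE-306 fix: authenticate before reaching any critical function.
    # compare_digest avoids leaking the token length/prefix via timing.
    presented = headers.get("Authorization", "")
    if not hmac.compare_digest(presented, f"Bearer {API_TOKEN}"):
        raise AuthError("authentication required")

    # CWE-94/95 fix: map a name to a predefined function instead of eval().
    op = ALLOWED_OPS.get(request.get("op"))
    if op is None:
        raise ValidationError("unknown operation")

    # Strict argument schema: exactly two plain numbers (bool is an int subclass,
    # so it is rejected explicitly).
    args = request.get("args")
    if not (
        isinstance(args, list)
        and len(args) == 2
        and all(isinstance(a, (int, float)) and not isinstance(a, bool) for a in args)
    ):
        raise ValidationError("args must be a list of two numbers")
    return {"result": op(*args)}


def find_dynamic_eval(source: str) -> list:
    """Code-review aid: return (line, name) for every direct call to eval,
    exec or compile in the given Python source."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (
            isinstance(node, ast.Call)
            and isinstance(node.func, ast.Name)
            and node.func.id in {"eval", "exec", "compile"}
        ):
            hits.append((node.lineno, node.func.id))
    return sorted(hits)


# Constructed sample source for the scanner (not from any real project).
SAMPLE_SOURCE = "def run(req):\n    return eval(req['code'])\n"


if __name__ == "__main__":
    print(find_dynamic_eval(SAMPLE_SOURCE))
    print(hardened_handler({"op": "add", "args": [2, 3]},
                           {"Authorization": f"Bearer {API_TOKEN}"}))
```

The scanner only catches direct calls by name, so it is a triage aid rather than a proof of absence; indirect evaluation (for example via `getattr(builtins, ...)` or a template engine) needs manual review.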

Key Details:

  • CVE ID: CVE-2026-33017
  • Affected Software: Langflow
  • Vulnerability Type: Code injection, missing authentication
  • Added to KEV Catalog: March 25, 2026
  • Federal Remediation Deadline: April 8, 2026 (per CISA’s Binding Operational Directive 22-01)
  • Ransomware Status: Unconfirmed whether used in ransomware campaigns

CISA has mandated that federal agencies apply mitigations by the deadline, while strongly urging private and public sector organizations to prioritize patching. If no patch is available, administrators are advised to follow CISA’s cloud service guidance or temporarily disable Langflow.

The flaw highlights the growing threat to AI-driven development tools, which are increasingly targeted for data exfiltration, lateral movement, and infrastructure compromise. Organizations relying on Langflow are at risk of unauthorized access and network breaches if left unaddressed.

Source: https://gbhackers.com/cisa-issues-urgent-warning-on-langflow-code-injection-vulnerability/

Langflow cybersecurity rating report: https://www.rankiteo.com/company/langflow

{
  "id": "LAN1774536040",
  "linkid": "langflow",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "industry": "Technology, AI/ML Development",
      "name": "Organizations using Langflow",
      "type": "Public/Private Sector"
    }
  ],
  "attack_vector": "Remote",
  "date_publicly_disclosed": "2026-03-25",
  "description": "CISA has added CVE-2026-33017, a severe code-injection vulnerability in Langflow, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. The flaw allows unauthenticated attackers to execute arbitrary code on affected systems, posing a significant risk to organizations using the framework. Langflow, a popular visual framework for building large language model (LLM) applications, is widely deployed in development pipelines. The vulnerability stems from improper code generation controls, insecure evaluation of injected directives, and a complete lack of authentication for critical functions. Attackers can exploit these weaknesses to bypass security checks, inject malicious scripts, and gain control of the application environment without credentials.",
  "impact": {
    "operational_impact": "Unauthorized access and network breaches",
    "systems_affected": "Langflow framework"
  },
  "lessons_learned": "Highlights the growing threat to AI-driven development tools, which are increasingly targeted for data exfiltration, lateral movement, and infrastructure compromise.",
  "post_incident_analysis": {
    "corrective_actions": "Patch the vulnerability, implement proper authentication controls, and secure code generation/evaluation processes.",
    "root_causes": "Improper code generation controls (CWE-94), insecure evaluation of injected directives (CWE-95), and lack of authentication for critical functions (CWE-306)."
  },
  "recommendations": "Prioritize patching for CVE-2026-33017; follow CISA’s cloud service guidance or temporarily disable Langflow if no patch is available.",
  "references": [
    {"source": "CISA Known Exploited Vulnerabilities Catalog"}
  ],
  "regulatory_compliance": {
    "regulatory_notifications": "CISA Binding Operational Directive 22-01"
  },
  "response": {
    "containment_measures": "Apply mitigations or follow CISA’s cloud service guidance; temporarily disable Langflow if no patch is available",
    "remediation_measures": "Patch the vulnerability (CVE-2026-33017)"
  },
  "stakeholder_advisories": "CISA has mandated federal agencies to apply mitigations by April 8, 2026, and strongly urges private and public sector organizations to prioritize patching.",
  "title": "Critical Langflow Vulnerability Exploited in the Wild, CISA Issues Urgent Warning",
  "type": "Code Injection",
  "vulnerability_exploited": "CVE-2026-33017"
}