Planned Fix
CVE-2026-33017
Type
Not available
Auth Required
Unknown
PoC Available
Unknown
Vendor
Langflow
Product
Langflow
Exposure
Internet-facing
Default Config
Unknown
CVSS Score
Not available
- Name
- Not available
- Summary
- Not available
- Vendor
- Langflow
- Product Name
- Langflow
- Product Description
- Langflow is an open-source framework for building and deploying AI-powered agents and workflows via a visual UI and an API.
- Affected Versions
- ≤ 1.8.2; 1.9.0-dev0 to 1.9.0-dev11
- Affected Component
- Public flow builder endpoint that executes attacker-supplied flow data; an unauthenticated execution path in the flow construction pipeline.
- Component URLs
- Protocol
- HTTPS
- Ports
- Not available
- Internet-facing Likelihood
- 70%
- Exposure Level
- Internet-facing
- Enterprise Usage
- 60%
- Type
- Not available
- Impact
- Not available
- Exploitation Description
- Not available
- Detection Method
- Unknown
- Detection Method Types
- Not available
- Detection Method URLs
- Not available
- PoC Available
- Unknown
- PoC URLs
- Not available
- Default Config Exploitable
- Unknown
- Exploitation Requirements
- Not available
- Requirements URLs
- Not available
- Requirements Probability
- Not available
- Authentication Needed
- Unknown
- CVE ID
- Not available
- Description
- Not available
- CVSS Score
- Not available
- CVSS Vector
- Not available
- Attack Vector (AV)
- Not available
- Attack Complexity (AC)
- Not available
- Privileges Required (PR)
- Not available
- User Interaction (UI)
- Not available
- Scope (S)
- Not available
- Confidentiality (C)
- Not available
- Integrity (I)
- Not available
- Availability (A)
- Not available
- CWE
- Not available
- NVD URL
- Not available
- CPE Configuration
- Not available
- Version From
- Not available
- Version UpTo
- Not available
- Remediation Type
- update
- Remediation Description
- Upgrade Langflow to version 1.9.0 or newer to include the fix; the advisory notes that the public build endpoint has been updated to remove the attacker-controlled data parameter or to enforce authentication on the flow build path. After upgrading, restart the service as needed and verify that it is reachable through a secured channel.
- EPSS Score
- Not available
- EPSS Percentile
- Not available
- EPSS Last Updated
- Not available
- CISA KEV
- Unknown
- CISA KEV Date Added
- Not available
- Active Exploitation
- Not available
- Active Exploitation URLs
- Not available
- Threat Actors
- Not available
- Threat Actors URLs
- Not available
- IOCs
- Not available
- Detection Rules
- Not available
- Threat Hunting URLs
- Not available
- Articles Used
- 7
- Sources
- https://nvd.nist.gov/vuln/detail/CVE-2026-33017
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
- https://github.com/langflow-ai/langflow/releases/tag/1.8.2
- https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
- https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
- https://blog.barrack.ai/langflow-exec-rce-cve-2026-33017/
- https://www.osv.dev/vulnerability/GHSA-c995-4fw3-j39m