CISA Warns of Active Exploitation of Langflow Vulnerability CVE-2026-33017
The **Cybersecurity and Infrastructure Security Agency (CISA)** is alerting organizations to active exploitation of a critical vulnerability, **CVE-2026-33017**, affecting the **Langflow** AI workflow framework. This flaw allows for remote code execution, posing a significant risk to AI development ecosystems.

**CISA** has added **CVE-2026-33017** to its Known Exploited Vulnerabilities (KEV) catalog, describing it as a code injection vulnerability with a CVSS score of 9.3 out of 10 (critical). The vulnerability allows unauthenticated attackers to build public flows, leading to remote code execution on the Langflow host.
### Rapid Exploitation Following Disclosure
Researchers at **Sysdig** reported that exploitation of **CVE-2026-33017** began approximately 20 hours after the vulnerability advisory was made public on March 19th. Notably, no public proof-of-concept (PoC) exploit code was available at the time, suggesting attackers crafted exploits directly from the advisory information, according to **Endor Labs**.
The observed timeline was compressed: automated scanning began within 20 hours of disclosure, exploitation using Python scripts within 21 hours, and harvesting of data (specifically `.env` and `.db` files) within 24 hours.
### Langflow: A Prime Target
**Langflow** is a popular open-source visual framework for building AI workflows, boasting 145,000 stars on **GitHub**. Its drag-and-drop interface facilitates connecting nodes into executable pipelines, complemented by a REST API for programmatic execution. This widespread adoption within the AI development community makes it an attractive target for malicious actors.
### Previous Langflow Vulnerabilities
In May 2025, **CISA** issued a similar warning regarding active exploitation of **CVE-2025-3248** in **Langflow**, a critical API endpoint flaw enabling unauthenticated remote code execution and potential full server control.
### Technical Details of CVE-2026-33017
**CVE-2026-33017** allows attackers to execute arbitrary Python code and impacts **Langflow** versions 1.8.1 and earlier. Because flows are executed without sandboxing, a single crafted HTTP request is enough to trigger the code execution.
### Remediation and Mitigation
While **CISA** did not explicitly link the exploitation to ransomware actors, federal agencies were given until April 8th to apply security updates or mitigations, or cease using the product. System administrators are strongly advised to upgrade to **Langflow** version 1.9.0 or later, which addresses the vulnerability, or disable/restrict the vulnerable endpoint.
**Sysdig** further recommends avoiding direct exposure of **Langflow** to the internet, monitoring outbound traffic, and rotating API keys, database credentials, and cloud secrets upon detection of suspicious activity.
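The post-exploitation pattern described above (a Python child process spawned under the Langflow server, reads of `.env` and `.db` files, then an outbound connection) can be turned into a simple detection heuristic. The script below is an added example, not Sysdig's or Langflow's own code: the event schema, the process name `langflow`, the paths and the IP addresses are all constructed for illustration. The rules deliberately apply only to processes spawned under the server, not to the server itself, which legitimately opens its own database file and connects to external LLM APIs.

```python
import ipaddress

SERVER_COMM = "langflow"                        # assumed process name of the Langflow server
INTERPRETERS = {"python", "python3", "sh", "bash", "dash"}
SENSITIVE_SUFFIXES = (".env", ".db")            # the file types reported as harvested

# Address ranges treated as internal; anything else counts as an external destination.
# A real deployment would add its own egress allowlist (e.g. its LLM provider) here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample telemetry (not real Langflow or Sysdig data): one record per
# exec / file-open / connect event, as an eBPF or auditd-style sensor might emit.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "comm": "langflow", "action": "exec",    "target": "langflow run --host 0.0.0.0"},
    {"ts": 2, "pid": 100, "ppid": 1,   "comm": "langflow", "action": "open",    "target": "/app/langflow.db"},
    {"ts": 3, "pid": 100, "ppid": 1,   "comm": "langflow", "action": "connect", "target": "203.0.113.10:443"},
    {"ts": 4, "pid": 231, "ppid": 100, "comm": "python3",  "action": "exec",    "target": "python3 -c ..."},
    {"ts": 5, "pid": 231, "ppid": 100, "comm": "python3",  "action": "open",    "target": "/app/.env"},
    {"ts": 6, "pid": 231, "ppid": 100, "comm": "python3",  "action": "open",    "target": "/app/langflow.db"},
    {"ts": 7, "pid": 231, "ppid": 100, "comm": "python3",  "action": "connect", "target": "203.0.113.45:4444"},
    {"ts": 8, "pid": 300, "ppid": 100, "comm": "python3",  "action": "connect", "target": "10.0.0.5:5432"},
    {"ts": 9, "pid": 400, "ppid": 1,   "comm": "cron",     "action": "open",    "target": "/etc/app/.env"},
]


def langflow_descendants(events):
    """Return pids spawned (transitively) under the Langflow server, excluding the server itself."""
    parent_of = {e["pid"]: e["ppid"] for e in events}
    roots = {e["pid"] for e in events if e["comm"] == SERVER_COMM}
    tree = set(roots)
    changed = True
    while changed:                              # fixed-point walk; handles grandchildren in any order
        changed = False
        for pid, ppid in parent_of.items():
            if ppid in tree and pid not in tree:
                tree.add(pid)
                changed = True
    return tree - roots


def is_external(endpoint):
    """True if an IPv4 'host:port' endpoint lies outside the INTERNAL_NETS ranges."""
    ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    return not any(ip in net for net in INTERNAL_NETS)


def triage(events):
    """Return (ts, pid, rule, target) findings for child processes of the Langflow server."""
    suspects = langflow_descendants(events)
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["pid"] not in suspects:            # the server's own activity is baseline, not a finding
            continue
        if e["action"] == "exec" and e["comm"] in INTERPRETERS:
            findings.append((e["ts"], e["pid"], "interpreter_spawned_by_langflow", e["target"]))
        elif e["action"] == "open" and e["target"].endswith(SENSITIVE_SUFFIXES):
            findings.append((e["ts"], e["pid"], "sensitive_file_read", e["target"]))
        elif e["action"] == "connect" and is_external(e["target"]):
            findings.append((e["ts"], e["pid"], "external_connection", e["target"]))
    return findings


if __name__ == "__main__":
    for ts, pid, rule, target in triage(EVENTS):
        print(f"t={ts} pid={pid} {rule}: {target}")
```

Run against the sample, only pid 231 is flagged: the interpreter spawn, two sensitive-file reads and the connection to a non-internal address. The server's own database open and API call, the internal database connection from pid 300, and the unrelated `cron` read of a `.env` file produce nothing. Any hit on the first rule alone is worth a credential rotation, as Sysdig advises, since by the time the `.env` read appears the secrets should be assumed taken.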
### CISA Directive and Broader Implications
**CISA's** directive formally applies to organizations covered by Binding Operational Directive (BOD) 22-01. However, private sector companies, state and local governments, and other non-FCEB entities are encouraged to treat it as a benchmark and respond accordingly.