Search

CISA Warns New Langflow Flaw Is Being Actively Exploited to Hijack AI Workflows

Cyber threats and incidents
By John Kevin Hao

Related

Cyber threats and incidents

Daktronics Controller Flaws Expose Highway Signs and Billboards to Remote Hacking

What happened CISA published an advisory warning organizations about three...
Read more
Cyber threats and incidents

Critical Dell Wyse Vulnerabilities Enable Remote Code Execution

What happened Dell Technologies released a critical security advisory for...
Read more
Cyber threats and incidents

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

What happened The National Association of Insurance Commissioners confirmed it...
Read more
Cyber threats and incidents

Hackers Now Exploit Critical Oracle E-Business Suite Flaw in Attacks

What happened Attackers have begun exploiting a critical vulnerability in...
Read more
Cyber threats and incidents

Hackers Exploit Critical SimpleHelp Flaw to Deploy Djinn Stealer

What happened Hackers are exploiting a critical vulnerability in SimpleHelp...
Read more

Share

What happened

A new Langflow flaw is being actively exploited to hijack AI workflows, prompting CISA to add the issue to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2026-33017, is a critical code injection flaw with a 9.3 severity score that affects the Langflow framework for building AI agents. The issue can be leveraged for remote code execution and allows threat actors to build public flows without authentication. Researchers at Sysdig said exploitation began on March 19, about 20 hours after the advisory became public. According to the report, automated scanning started within 20 hours, Python-based exploitation followed in 21 hours, and harvesting of .env and .db files began in 24 hours. The flaw affects Langflow versions 1.8.1 and earlier and can be exploited through a single crafted HTTP request due to unsandboxed flow execution.

Who is affected

The direct exposure affects organizations using Langflow versions 1.8.1 and earlier, especially environments where the vulnerable endpoint is exposed. The article also indicates that affected deployments may face theft of .env and .db files if exploitation is successful.

Why CISOs should care

This matters because the flaw affects a widely adopted framework for building AI workflows and moved from public disclosure to exploitation in less than a day. It also combines unauthenticated remote code execution with access to sensitive configuration and database files in exposed environments.

3 practical actions

  1. Upgrade affected deployments immediately: Move all Langflow instances to version 1.9.0 or later because that release addresses the flaw described in the incident.
  2. Restrict the vulnerable endpoint: Disable or limit access to the exposed endpoint if immediate upgrading is not possible.
  3. Treat suspicious activity as a secrets exposure event: Rotate API keys, database credentials, and cloud secrets if there are signs of compromise in affected Langflow environments.

For more news about security flaws under active exploitation, click Vulnerability to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

Previous article
Infinity Stealer Grabs macOS Data via ClickFix Lures
Next article
European Commission Investigating Breach After Amazon Cloud Account Hack
Cyber threats and incidents

BioShocking Attack Shows How AI Browsers Can Be Tricked Into Stealing User Credentials

What happened Security researchers at LayerX have disclosed a new...
Founders, Analysts & Industry Voices

Classroom to Cloud: CISOs to Watch in Higher Education

Higher education security sits at an unusual intersection of...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.