Search

CISA Warns New Langflow Flaw Is Being Actively Exploited to Hijack AI Workflows

Cyber threats and incidents
By Evan Rowe

Related

Cyber threats and incidents

Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV Audio

What happened A backdoored Telnyx PyPI package pushed malware hidden...
Read more
Cyber threats and incidents

European Commission Investigating Breach After Amazon Cloud Account Hack

What happened The European Commission is investigating a breach after...
Read more
Cyber threats and incidents

CISA Warns New Langflow Flaw Is Being Actively Exploited to Hijack AI Workflows

What happened A new Langflow flaw is being actively exploited...
Read more
Cyber threats and incidents

Infinity Stealer Grabs macOS Data via ClickFix Lures

What happened Infinity Stealer grabs macOS data via ClickFix lures...
Read more
Cyber threats and incidents

Dutch Police Discloses Security Breach After Phishing Attack

What happened The Dutch National Police disclosed a security breach...
Read more

Share

What happened

A new Langflow flaw is being actively exploited to hijack AI workflows, prompting CISA to add the issue to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2026-33017, is a critical code injection flaw with a 9.3 severity score that affects the Langflow framework for building AI agents. The issue can be leveraged for remote code execution and allows threat actors to build public flows without authentication. Researchers at Sysdig said exploitation began on March 19, about 20 hours after the advisory became public. According to the report, automated scanning started within 20 hours, Python-based exploitation followed in 21 hours, and harvesting of .env and .db files began in 24 hours. The flaw affects Langflow versions 1.8.1 and earlier and can be exploited through a single crafted HTTP request due to unsandboxed flow execution.

Who is affected

The direct exposure affects organizations using Langflow versions 1.8.1 and earlier, especially environments where the vulnerable endpoint is exposed. The article also indicates that affected deployments may face theft of .env and .db files if exploitation is successful.

Why CISOs should care

This matters because the flaw affects a widely adopted framework for building AI workflows and moved from public disclosure to exploitation in less than a day. It also combines unauthenticated remote code execution with access to sensitive configuration and database files in exposed environments.

3 practical actions

  1. Upgrade affected deployments immediately: Move all Langflow instances to version 1.9.0 or later because that release addresses the flaw described in the incident.
  2. Restrict the vulnerable endpoint: Disable or limit access to the exposed endpoint if immediate upgrading is not possible.
  3. Treat suspicious activity as a secrets exposure event: Rotate API keys, database credentials, and cloud secrets if there are signs of compromise in affected Langflow environments.

For more news about security flaws under active exploitation, click Vulnerability to read more.

Previous article
Infinity Stealer Grabs macOS Data via ClickFix Lures
Next article
European Commission Investigating Breach After Amazon Cloud Account Hack
Cyber threats and incidents

Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV Audio

What happened A backdoored Telnyx PyPI package pushed malware hidden...
Cyber threats and incidents

European Commission Investigating Breach After Amazon Cloud Account Hack

What happened The European Commission is investigating a breach after...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.