CISA Warns New Langflow Flaw Is Being Actively Exploited to Hijack AI Workflows

What happened

A new Langflow flaw is being actively exploited to hijack AI workflows, prompting CISA to add the issue to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2026-33017, is a critical code injection flaw with a 9.3 severity score that affects the Langflow framework for building AI agents. The issue can be leveraged for remote code execution and allows threat actors to build public flows without authentication. Researchers at Sysdig said exploitation began on March 19, about 20 hours after the advisory became public. According to the report, automated scanning started within 20 hours, Python-based exploitation followed in 21 hours, and harvesting of .env and .db files began in 24 hours. The flaw affects Langflow versions 1.8.1 and earlier and can be exploited through a single crafted HTTP request due to unsandboxed flow execution.

Who is affected

The direct exposure affects organizations using Langflow versions 1.8.1 and earlier, especially environments where the vulnerable endpoint is exposed. The article also indicates that affected deployments may face theft of .env and .db files if exploitation is successful.

Why CISOs should care

This matters because the flaw affects a widely adopted framework for building AI workflows and moved from public disclosure to exploitation in less than a day. It also combines unauthenticated remote code execution with access to sensitive configuration and database files in exposed environments.

3 practical actions

  1. Upgrade affected deployments immediately: Move all Langflow instances to version 1.9.0 or later because that release addresses the flaw described in the incident.
  2. Restrict the vulnerable endpoint: Disable or limit access to the exposed endpoint if immediate upgrading is not possible.
  3. Treat suspicious activity as a secrets exposure event: Rotate API keys, database credentials, and cloud secrets if there are signs of compromise in affected Langflow environments.


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.