- Last update: 23/03/2026
- Affected software: Langflow AI pipelines
- Type: Remote Code Execution (RCE)
- CVE/CVSS: CVE-2026-33017: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
- Vendor Advisory: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33017
If successfully exploited by an unauthenticated remote actor, CVE-2026-33017 can result in remote code execution with full server process privileges and access to all flow data. This has a high impact on availability, integrity and confidentiality. Security researchers reported this vulnerability is currently being actively exploited and targeted by scanning activity. Therefore, it is essential to promptly apply the patch or put mitigations in place.
Langflow is a tool for building and deploying AI-powered agents and workflows. The build_public_tmp endpoint is designed to be unauthenticated for public flows, but it incorrectly accepts attacker-supplied flow data. In versions prior to 1.9.0, CVE-2026-33017 allows an unauthenticated remote attacker to achieve remote code execution with full server process privileges. Exploitation requires the target Langflow instance to have at least one public flow, which is a common setup for demos, chatbots, shared workflows, etc.
Patch
The Centre for Cybersecurity Belgium strongly recommends updating vulnerable Langflow instances to version 1.9.0 or later with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
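As an added illustration of the patch and monitor/detect advice above (this is example code written for this page, not CCB or Langflow code), the following Python helper does two things a defender would want: it checks whether a reported Langflow version falls below the fixed release 1.9.0, and it scans reverse-proxy access log lines for requests that hit the unauthenticated build_public_tmp endpoint, counting them per source address so bursts from one source (consistent with the scanning activity the advisory mentions) stand out. The log format (Apache/nginx combined) and the exact URL shape of the endpoint are assumptions; only the endpoint name comes from the advisory, so the scan matches on that substring rather than a full path. The sample log lines are constructed and use RFC 5737 documentation addresses.

```python
"""Added example for CVE-2026-33017 triage. Not CCB or Langflow code.

Assumptions (not stated in the advisory):
  - Access logs are in Apache/nginx "combined" format.
  - Requests to the affected endpoint contain "build_public_tmp" somewhere
    in the request path; the full URL layout is not given by the advisory.
"""
import re
from collections import Counter

FIXED_VERSION = (1, 9, 0)          # first fixed release per the advisory
ENDPOINT_MARKER = "build_public_tmp"

# Combined log format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> tuple:
    """Turn '1.8.2' or 'v1.9.0' into a comparable (major, minor, patch) tuple.
    Pre-release suffixes such as 'rc1' are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """The advisory states that versions prior to 1.9.0 are affected."""
    return parse_version(version) < FIXED_VERSION


def parse_line(line: str):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_public_build_requests(lines):
    """Return parsed entries whose request path touches the build_public_tmp endpoint."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and ENDPOINT_MARKER in rec["path"]:
            hits.append(rec)
    return hits


def summarize(hits):
    """Count endpoint hits per source IP; repeated hits from one source hint at scanning."""
    return Counter(h["ip"] for h in hits)


# Constructed sample log lines (documentation IPs, placeholder flow id).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2026:10:01:02 +0100] "POST /api/v1/build_public_tmp/00000000-0000-0000-0000-000000000000/flow HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.5 - - [23/Mar/2026:10:01:05 +0100] "GET /api/v1/flows/ HTTP/1.1" 401 87 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Mar/2026:10:01:09 +0100] "POST /api/v1/build_public_tmp/00000000-0000-0000-0000-000000000000/flow HTTP/1.1" 500 130 "-" "python-requests/2.31"',
    '198.51.100.5 - - [23/Mar/2026:10:02:41 +0100] "POST /api/v1/build_public_tmp/00000000-0000-0000-0000-000000000000/flow HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '192.0.2.10 - - [23/Mar/2026:10:03:00 +0100] "GET /health HTTP/1.1" 200 15 "-" "kube-probe/1.29"',
]


if __name__ == "__main__":
    reported = "1.8.2"  # constructed example version
    print(f"Langflow {reported} vulnerable to CVE-2026-33017: {is_vulnerable(reported)}")
    hits = find_public_build_requests(SAMPLE_LOG)
    for ip, count in summarize(hits).most_common():
        print(f"{ip}: {count} request(s) to {ENDPOINT_MARKER}")
```

A hit on the endpoint is not proof of exploitation, since the endpoint is legitimately used by public flows; the value is in correlating unexpected sources, odd user agents and error bursts with the version check, and in deciding where to look for signs of historic compromise on instances that were exposed before the update.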