#langflow — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

ttfr @neural_nw_ai · 18h

🚨 緊急警告: AIエージェント構築フレームワークLangflowにCVSS 9.3の脆弱性。認証なしでRCE可能、アドバイザリ公開から20時間で攻撃確認。PoCなしで直接エクスプロイト作成された点が衝撃的 thehackernews.com/2026/03/critic…q #セキュリティ #Langflow #脆弱性

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

From thehackernews.com

PulsePatch.io @pulsepatchio · 1d

An authenticated code execution vulnerability in `Langflow` (CVE-2026-33873) may allow arbitrary code execution via Agentic Assistant Validation. Organizations should review access controls and monitor for updates. #AppSec #CodeExecution #Langflow pulsepatch.io/posts/cve-2026…

ScyScan @ScyScan · 1d

#CISA sounds alarm on #Langflow RCE, #Trivy #supply chain compromise after rapid exploitation scyscan.com/news/cisa-soun…

INCIBE-CERT @incibe_cert · 1d

⚠️ #INCIBEaviso | Ejecución de código autenticado en la validación del asistente de agentes de #Langflow incibe.es/incibe-cert/al… #AvisosDeSeguridad #TI

Ejecución de código autenticado en la validación del asistente de agentes de Langflow

kexinoh ha informado de 1 vulnerabilidad crítica que, en caso de ser explotada, podría permitir a un a

From incibe.es

254

Gray Hats @the_yellow_fall · 1d

Hackers exploited the Langflow AI framework (CVE-2026-33017) just 20 hours after its reveal. Learn how to patch this 9.3-severity RCE flaw before April 8. #Langflow #AISecurity #CVE202633017 #CISA #CyberSecurity2026 #ZeroDay #Infosec #Python #AI meterpreter.org/zero-day-veloc…

375

omvapt @omvapt · 1d

Critical #Flaw in #Langflow #AI Platform Under #Attack buff.ly/cF1yUgw

とも @tomo_mtblog · 1d

公開から 20 時間で悪用が開始された、Langflow の深刻な RCE 脆弱性（CVE-2026-33017）の脅威と対策をまとめました。・無認証 API 経由でのコード実行・各デプロイ環境のパッチ適用手順・CI/CD を活用した防御強化 mytech-blog.com/langflow-rce-m… #セキュリティ #Langflow

【Langflow】深刻な RCE 脆弱性（CVE-2026-33017）の脅威とパッチ適用手順 | MY TECH BLOG

はじめに AI エージェントや RAG（検索拡張生成）パイプラインの構築に広く利用されているオープンソースフレームワークの Langflow において、深刻なリモートコード実行（RCE）の脆弱性（CVE-2026-33017）が公開されまし

From mytech-blog.com

Cybersecurity News Everyday @TweetThreatNews · 1d

CISA reports active exploitation of CVE-2026-33017, a critical code injection flaw in Langflow AI-agent framework enabling unauthenticated remote Python code execution. Upgrade to Langflow 1.9.0 recommended. #Langflow #CISA #USA ift.tt/NncjIWi

CISA: New Langflow flaw actively exploited to hijack AI workflows

CISA warns that CVE-2026-33017, a critical code injection vulnerability in the Langflow AI-agent framework, is being actively exploited for unauthenticated remote code execution that can build public...

From hendryadrian.com

111

ScyScan @ScyScan · 1d

#CISA: New #Langflow #flaw actively exploited to hijack AI workflows scyscan.com/news/cisa-new-…

ScyScan @ScyScan · 2d

Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2026-33017 #Langflow Code Injection Vulnerability scyscan.com/cve-2026-33017…

CVE-2026-33017 - Langflow Code Injection Vulnerability | ScyScan

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

From scyscan.com

CCB Alert @CCBalert · 3d

Warning: #CVE-2026-33475, a critical vulnerability affecting #Langflow (< v1.9.0), allows unauthenticated remote shell injection in GitHub Actions workflows in the Langflow repository . #Patch #Patch #Patch

160

Alexei Belous @AlexeiBelous · 3d

Replying to @AlexeiBelous

Every exposed instance carried the credentials of everything it connected to. #CVE202633017 #Langflow #AIAgentSecurity

INCIBE-CERT @incibe_cert · 3d

⚠️ #INCIBEaviso | Inyección de shell remota en GitHub Actions de #Langflow incibe.es/incibe-cert/al… #AvisosDeSeguridad #TI

Inyección de shell remota en GitHub Actions de Langflow

Huseyingulsin ha reportado 1 vulnerabilidad crítica que, en caso de ser explotada, podría permitir a u

From incibe.es

237

CyberWatch360 @Cyberdailybrief · 4d

Your #AI-curious clients installed #Langflow for workflow automation and forgot about it. Twenty hours from disclosure to exploitation means they'll call Monday asking if they're exposed. #mssp #aiworkflows #cybersecurity

CCB Alert @CCBalert · 5d

Warning: Critical vulnerability in #Langflow AI. CVE-2026-33017 CVSS: 9.3. This #ActivelyExploited vulnerability can lead to remote code execution #RCE! See our advisory: ccb.belgium.be/advisories/war… #Patch #Patch #Patch

179

Hephaestvs @Vulcanux_ · 5d

csirt_it: ‼️ #Langflow: rilevata #0day per la CVE-2026-33017 Rischio: 🔴 Tipologia: 🔸 Remote Code Execution acn.gov.it/portale/en/w/l…fkc ⚠ Importante aggiornare i software interessaw55

Langflow: rilevata 0-day per la CVE-2026-33017

From acn.gov.it

Ignacio G.R. Gavilán @igrgavilan · 5d

I've just finished "Mastering LangFlow" (amazon.es/Mastering-Lang…) by Rowan J. Ashford. Deceptive: it does not really explain LangFlow #libros #books #LangFlow #LangChain #RAG #AgenticAI

WorldWideWatchers @WideWatchers · 5d

🚨 ALERT: Cybercriminals waste NO time! 🚨 Within just 20 hours of discovery, hackers have swiftly exploited a critical RCE vulnerability in #Langflow. This rapid-fire attack highlights the urgent need for vigilance in #CyberSecurity. 🔒 Stay informed, stay protected!

Cybersecurity News Everyday @TweetThreatNews · 6d

CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow’s public flow build endpoint, exploited within 20 hours to run arbitrary Python and steal credentials via multi-stage attacks. #Langflow #RemoteCode #Exploit2026 ift.tt/Rkc8mxl

CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours

CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow's public flow build endpoint that attackers weaponized within ~20 hours of disclosure to execute arbitrary Python and...

From hendryadrian.com

143