Vulnerability
Exploitation Wave
Langflow unauthenticated RCE exploitation and secret theft
Updated 30.06.2026 18:47
Case score 64
Why this score?
Case score is a discovery signal based on public evidence, not a guaranteed risk rating. Use it to decide what to review first, then verify important details from the linked sources.
- Total
- 64
- Main story score
- 61
- Related evidence lift
- +3 / 20
- Contributing updates
- 1
- Context updates
- 0
Top contributors
- Vulnerability Critical unauthenticated code-injection flaw in Langflow with rapid post-disclosure abuse risk. main
- Exploitation Wave Early exploitation activity confirms the flaw moved into active abuse and drove the case beyond disclosure alone. contributes
Case score 64
Members 2
Latest activity 30.06.2026 18:47
Active exploitation
Patch available
CVSS: 9.8 Critical
Members 2
First seen 20.03.2026 12:20
Last seen 20.03.2026 17:15
Updated 30.06.2026 18:47
Overview
**CVE-2026-33017** in **Langflow** lets a remote attacker execute attacker-controlled Python code on exposed instances without authentication. Exploitation appeared within 20 hours of disclosure and quickly moved from scanning to custom scripts that targeted files, environment data, and secrets.
The activity included credential theft, database and configuration access, and callback traffic to **173.212.205[.]251:8443**. CISA added the flaw to **KEV** with a remediation date of **2026-04-08**, so exposed Langflow deployments should be patched and checked for compromise immediately.
Attackers are exploiting **CVE-2026-33017** in **Langflow**, a flaw that lets a remote user run attacker-controlled Python code on exposed instances without authentication. The weakness combines missing authentication with code injection in the public build endpoint, and affected versions run through **1.8.1** with **1.9.0.dev8** identified as the addressed build. Exploitation began within 20 hours of public disclosure, and available evidence indicates attackers could build working exploits directly from the advisory description. Early activity moved from scanning to custom Python scripts that targeted files and environment data such as **/etc/passwd** and **.env**.
Automated requests from four source IPs using the same payload point to a shared wave against exposed Langflow deployments. Follow-on activity included theft of keys, credentials, databases, cloud credentials, and configuration files, plus callback traffic to **173.212.205[.]251:8443**. CISA added **CVE-2026-33017** to the Known Exploited Vulnerabilities catalog with a required action date of **2026-04-08**, and the addressed build is **1.9.0.dev8**. Available evidence does not quantify how many servers were hit, but exposed Langflow instances remain at immediate risk if they are still unpatched or reachable from the internet.
Signals
4 derivedImpact signals
Exploitation
Exploitation
Active exploitation
CVSS
9.8 Critical
CVEs/products
CVE
Remediation
Remediation
Patch available
Malware context
7 families · 1 toolsTools
curl
Member happenings
2 related
Vulnerability
Langflow missing-authentication code-injection flaw (CVE-2026-33017)
Exploitation
Active Exploitation
Exploit
No Known Public Exploit
CVSS
9.8 Critical
Patch
Patch Available
Vulnerability
Langflow missing-authentication code-injection flaw (CVE-2026-33017)
Exploitation
Active Exploitation
Exploit
No Known Public Exploit
CVSS
9.8 Critical
Patch
Patch Available
Exploitation Wave
Langflow CVE-2026-33017 exploitation wave
Exploitation
Active Exploitation
CVSS
9.8 Critical
Exploitation Wave
Langflow CVE-2026-33017 exploitation wave
Exploitation
Active Exploitation
CVSS
9.8 Critical