Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure
Summary
Within 20 hours of the public disclosure of an unauthenticated remote code execution vulnerability in Langflow (CVE-2026-33017), threat actors began exploiting exposed instances to execute arbitrary Python code, harvest credentials, and potentially compromise connected databases and software supply chains. The vulnerability, assigned a CVSS score of 9.3, requires no authentication and can be triggered with a single HTTP request, making it a high-impact target for rapid exploitation. Exploitation activity was observed targeting exposed Langflow deployments, with attackers leveraging advisory details to develop custom exploits and automated scanning toolkits. The incident highlights the accelerating timeline of vulnerability weaponization, where attackers now routinely exploit flaws within hours of disclosure, far outpacing typical patching timelines for defenders.
Timeline
- 20.03.2026 12:20 · 1 article
  Unauthenticated RCE in Langflow exploited within 20 hours of advisory publication
Threat actors exploited CVE-2026-33017, an unauthenticated RCE vulnerability in Langflow, within 20 hours of its public disclosure on March 17, 2026. Activities included automated scanning from multiple IPs, delivery of custom exploit scripts, and credential harvesting targeting databases, API keys, cloud credentials, and configuration files. The rapid exploitation occurred despite the absence of a public PoC, indicating a prepared toolkit and advanced operational readiness by the attackers.
- Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
Information Snippets
- CVE-2026-33017 is an unauthenticated remote code execution (RCE) vulnerability in Langflow, an open-source visual framework for building AI agents and retrieval-augmented generation (RAG) pipelines.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
- The vulnerability has a CVSS score of 9.3 and allows attackers to execute arbitrary Python code on exposed Langflow instances with a single HTTP request and no authentication required.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
- Threat actors exploited the vulnerability within 20 hours of its public disclosure on March 17, 2026, despite the absence of public proof-of-concept (PoC) code.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
- Exploitation activity included automated scanning from multiple source IPs, delivery of custom Python exploit scripts via stage-2 droppers, and credential harvesting targeting databases, API keys, cloud credentials, and configuration files.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
- The median time-to-exploit (TTE) for vulnerabilities has collapsed from 771 days in 2018 to hours in 2024; by 2023, 44% of exploited vulnerabilities were weaponized within 24 hours of disclosure.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20
- The median time for organizations to deploy patches is approximately 20 days, leaving defenders exposed for significantly longer than the window of active exploitation.
  First reported: 20.03.2026 12:20 (1 source, 1 article)
  - Hackers Exploit Critical Langflow Bug in Just 20 Hours — www.infosecurity-magazine.com — 20.03.2026 12:20