U.S. CISA Adds Langflow Flaw to Known Exploited Vulnerabilities
2026-03-26 21:05 | Severity: CRITICAL / HIGH
Executive Summary (AI-generated)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical flaw in Langflow, a software component used by federal agencies to manage their infrastructure, which allows attackers to execute arbitrary code without authentication. The vulnerability was first reported on March 26, 2026, is tracked as CVE-2026-33017, and carries a CVSS score of 9.3. The flaw impacts versions prior to 1.3.0 and has been added to CISA's Known Exploited Vulnerabilities catalog. Federal agencies are ordered to apply security updates or mitigations, or to stop using the product, by April 8, 2026.
Technical Mitigations (AI-generated)
* Implement secure coding practices, such as input validation and sanitization, to prevent exploitation of the Langflow flaw.
* Regularly update and patch software dependencies, including Python versions used with Langflow, to ensure that known vulnerabilities are addressed before they can be exploited.
* Run user-supplied code in Langflow inside a sandbox, such as a container (e.g., Docker) or a virtual machine, to limit the damage if an exploit is discovered.
* Conduct regular security audits and penetration testing of AI workflows built using Langflow to identify and address any weaknesses that could be exploited by attackers.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
* CVE-2025-3248
* CVE-2026-33017
Target & Sectors
Global Scope
Incident Timeline
May 2025
In May 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. (MITRE ATT&CK: T1588.006 - Vulnerabilities)
In May 2025, CISA issued another warning about active exploitation in Langflow, targeting CVE-2025-3248, a critical API endpoint flaw that allows unauthenticated RCE and potentially leads to full server control. CVE-2025-3248 is a code injection vulnerability in the /api/v1/validate/code endpoint.
The flaw impacts versions prior to 1.3.0.
March 19
Researchers at application security company Endor Labs claim hackers started exploiting CVE-2026-33017 on March 19, about 20 hours after the vulnerability advisory became public.
2026-03-26
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017, to its Known Exploited Vulnerabilities catalog due to the vulnerability's critical score of 9.3 and potential for remote code execution via unsandboxed flow execution in versions before v1.9.0.
The agency added the issue to the list of Known Exploited Vulnerabilities, describing it as a code injection vulnerability.
The most recent flaw, CVE-2026-33017, lets attackers execute arbitrary Python code, affects versions 1.8.1 and earlier of Langflow, and could be exploited via a single crafted HTTP request due to unsandboxed flow execution.
The security issue received a critical score of 9.3 out of 10 and can be leveraged for remote code execution, allowing threat actors to build public flows without authentication.
“This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication.”
System administrators are recommended to upgrade to Langflow version 1.9.0 or later, which addresses the security problem, or disable/restrict the vulnerable endpoint.
No public proof-of-concept (PoC) exploit code existed at the time, and Endor Labs believes that attackers built exploits directly from the information included in the advisory.
Endor Labs also advised not to expose Langflow directly to the internet, to monitor outbound traffic, and to rotate API keys, database credentials, and cloud secrets when suspicious activity is detected.
April 8, 2026
The U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog and orders federal agencies to fix the vulnerability by April 8, 2026.
CISA did not mark the flaw as exploited by ransomware actors, but gave federal agencies until April 8 to apply the security updates or mitigations, or stop using the product.
Tactical Metrics
* Software Version 1.3.0: the flaw impacts versions prior to 1.3.0.
* Software Version 1.8.1: CVE-2026-33017 lets attackers execute arbitrary Python code, affects versions 1.8.1 and earlier of Langflow, and could be exploited via a single crafted HTTP request due to unsandboxed flow execution.
* Software Version 1.9.0: system administrators are recommended to upgrade to Langflow version 1.9.0 or later, which addresses the security problem, or disable/restrict the vulnerable endpoint.
* CVSS Score 9.3: the security issue received a critical score of 9.3 out of 10 and can be leveraged for remote code execution, allowing threat actors to build public flows without authentication.
Intelligence Sources
* Security Affairs, 2026-03-26
* BleepingComputer, 2026-03-26: "CISA: New Langflow flaw actively exploited to hijack AI workflows"
Last Updated: 2026-04-27T11:43