INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Critical Langflow Flaw CVE-2026-33017 Exploit Within 20 Hours
| 2026-03-20 15:15 CRITICAL LOWExecutive Summary AI-generated
The open-source artificial intelligence platform, Langflow, has been compromised with a critical vulnerability that allows attackers to execute arbitrary Python code without authentication. The flaw, CVE-2026-33017, was discovered by security researcher Aviral Srivastava on February 26, 2026, and is distinct from another critical bug in the same software,CVE-2025-3248. This exploit can be triggered with a simple HTTP POST request containing malicious Python code in the JSON payload of an HTTP POST request to the /api/v1/build_public_tmp/{flow_id}/flow endpoint. The vulnerability has been addressed in development versions and is currently being actively exploited by attackers, who are taking advantage of its ease of use and potential impact on valuable data within software supply chains and public PoC code availability.
Technical Mitigations AI-generated
* Implement secure coding practices: Ensure that developers and maintainers follow best practices for secure coding, such as validating user input, using secure authentication mechanisms, and sanitizing output to prevent code injection attacks.
* Regularly update and patch dependencies: Keep all dependencies, including libraries and frameworks, up-to-date with the latest security patches. This will help ensure that known vulnerabilities are addressed before they can be exploited by attackers.
* Use secure communication protocols: When communicating with external services or APIs, use secure protocols such as HTTPS (TLS) to prevent eavesdropping and tampering of sensitive data.
* Implement rate limiting and IP blocking: Implement rate limiting on API requests and block suspicious IP addresses to prevent brute-force attacks. This can help reduce the number of successful exploitation attempts within a short timeframe.
* Monitor for suspicious activity: Continuously monitor system logs, network traffic, and other sources for signs of unauthorized access or malicious activity. This will help identify potential threats early and take action to contain them before they cause significant harm.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-33017CVE-2026-33017
CVE-2025-3248CVE-2025-3248
Target & Sectors
Global Scope
Incident Timeline
February 26, 2026
Threat actors used a previously unknown vulnerability in Langflow, CVE-2026-33017, to trigger attacks within 20 hours of disclosure by exploiting the same root cause as another critical bug.
Click on any entity below to view its context and source!
tactic
T1059.006 - Python
Security researcher Aviral Srivastava, who discovered and reported the flaw on February 26, 2026, said it's distinct from
CVE-2025-3248
(CVSS score: 9.8), another critical bug in Langflow that abused the /api/v1/validate/code endpoint to execute arbitrary Python code without requiring any authentication.
organisation
CVE-2025-3248
Security researcher Aviral Srivastava, who discovered and reported the flaw on February 26, 2026, said it's distinct from
CVE-2025-3248
(CVSS score: 9.8), another critical bug in Langflow that abused the /api/v1/validate/code endpoint to execute arbitrary Python code without requiring any authentication.
general_metric
9.8 score
Security researcher Aviral Srivastava, who discovered and reported the flaw on February 26, 2026, said it's distinct from
CVE-2025-3248
(CVSS score: 9.8), another critical bug in Langflow that abused the /api/v1/validate/code endpoint to execute arbitrary Python code without requiring any authentication.
organisation
The Hacker News
Srivastava told The Hacker News that exploiting CVE-2026-33017 is "extremely easy" and can be triggered by means of a weaponized curl command.
March 17
Threat actors used a custom Python exploit script to deliver a stage-2 dropper via automated scanning of infrastructure from four source IPs, all sending the same payload.
Click on any entity below to view its context and source!
general_metric
20 hours
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
tactic
T1059.006 - Python
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
organisation
Timeline of Exploitation Events
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
organisation
Credential
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
organisation
API
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
organisation
TTE
Timeline of Exploitation Events
Sysdig said its honeypots observed the following malicious activity, following likely development of the exploit 20 hours after the CVE advisory was published on March 17:
Automated scanning of infrastructure from four source IPs, all sending the same payload, and therefore likely coming from the same attacker
Custom Python exploit scripts ready to be delivered via a stage-2 dropper, indicating the attacker had a prepared exploitation toolkit
Credential harvesting, including databases, API keys, cloud credentials, and configuration files
Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024.
March 17, 2026
Threat actors used automated scanning to discover CVE-2026-33017 within 20 hours of its advisory publication.
Click on any entity below to view its context and source!
general_metric
20 hours
Cloud security firm Sysdig said it observed the first exploitation attempts targeting CVE-2026
-
33017 in the wild within 20 hours of the advisory's publication on March 17, 2026.
organisation
Sysdig
Cloud security firm Sysdig said it observed the first exploitation attempts targeting CVE-2026
-
33017 in the wild within 20 hours of the advisory's publication on March 17, 2026.
organisation
TTE
The 20-hour window between advisory publication and first exploitation aligns with an accelerating trend that has seen the median time-to-exploit (TTE) shrinking from 771 days in 2018 to just hours in 2024.
organisation
CVE-2025
The exploration activity targeting CVE-2025
-
3248 and CVE-2026-33017 underscores how AI workloads are landing in attackers' crosshairs owing to their access to valuable data, integration within the software supply chain, and insufficient security safeguards.
organisation
CVE-2026
The exploration activity targeting CVE-2025
-
3248 and CVE-2026-33017 underscores how AI workloads are landing in attackers' crosshairs owing to their access to valuable data, integration within the software supply chain, and insufficient security safeguards.
organisation
PoC
"No public proof-of-concept (PoC) code existed at the time," Sysdig said.
organisation
IP
Subsequent activity from the same IP address points in a thorough credential harvesting operation that involves gathering environment variables, enumerating configuration files and databases, and extracting the contents of .env files.
2026-03-20
Threat actors exploited the CVE-2026-33017 critical Langflow flaw within 20 hours of public disclosure.
Click on any entity below to view its context and source!
general_metric
20 hours
Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description.
organisation
CVE-2026-33017
Sysdig said that CVE-2026-33017 is a particularly attractive target for exploitation as no authentication is required, there are plenty of exposed Langflow instances, and exploitation is relatively easy.
organisation
Sysdig
Sysdig said that CVE-2026-33017 is a particularly attractive target for exploitation as no authentication is required, there are plenty of exposed Langflow instances, and exploitation is relatively easy.
organisation
Langflow
Given a CVSS score of 9.3, it allows attackers to execute arbitrary Python code on exposed Langflow instances, with no credentials required and only a single HTTP request.
organisation
CVE
Sysdig revealed in a
blog post
it had observed threat actors exploit the CVE within a day, despite the fact that no public proof-of-concept (PoC) code existed.
organisation
PoC
Sysdig revealed in a
blog post
it had observed threat actors exploit the CVE within a day, despite the fact that no public proof-of-concept (PoC) code existed.
infrastructure
1.8.1
"
The vulnerability affects all versions of the open-source artificial intelligence (AI) platform prior to and including 1.8.1.
infrastructure
1.9.0
It has been currently addressed in the
development version 1.9.0.dev8
.
organisation
POST
"The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication," according to Langflow's advisory for the flaw.
Tactical Metrics
Metrics
infrastructure
1.8.1
Software Version
Click for context!
"
The vulnerability affects all versions of the open-source artificial intelligence (AI) platform prior to and including 1.8.1.
Metrics
infrastructure
1.9.0
Software Version
It has been currently addressed in the
development version 1.9.0.dev8
.
Intelligence Sources
Infosecurity-Magazine
2026-03-20
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Infosecurity-Magazine
The Hacker News
2026-03-20
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T11:21
Comprehensive Tactical Telemetry
Highly Correlated Entities
15x
organisation
Identified Entity
Langflow
entity
13x
timeline
Temporal Reference
2026-03-20
date
4x
attribution
Attributing Entity
CISA’s Known Exploited
authority
2x
tactic
Cyber Operation Type
Ransomware
tactic
2x
general metric
Hours
20
hours
2x
vulnerability
Exploited CVE
CVE-2026-33017
cve
2x
tactic
MITRE ATT&CK Technique
T1059.006 - Python
technique
2x
general metric
%
44
%
2x
infrastructure
Software Version
1.8.1
version
Contextual Telemetry
Context Block
4 METRICS
vulnerability
CVSS Score
9
score
general metric
Security Defect
9
security defect
general metric
Score
10
score
general metric
Cve-2026
33,017
cve-2026
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.