CVE-2026-33017 - Langflow Code Injection Vulnerability
Project: Langflow
Product: Langflow
Date Added: 2026-03-25
Due Date: 2026-04-08
Vulnerability Name
Langflow Code Injection Vulnerability
Description
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
https://nvd.nist.gov/vuln/detail/CVE-2026-33017
Related News Articles
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE - June 10, 2026
Path traversal flaw in AI dev platform Langflow exploited in attacks - June 11, 2026
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE - June 10, 2026
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation - March 27, 2026
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks - March 27, 2026