A critical code injection vulnerability (CVE-2026-33017) in Langflow, an open source AI agent development framework, is being actively exploited in the wild. CISA added it to its Known Exploited Vulnerabilities catalog after exploitation attempts were observed within 24 hours of disclosure — even without a public proof-of-concept exploit. The flaw (CVSS 9.8) allows unauthenticated remote code execution via an unprotected API endpoint that passes attacker-controlled Python code directly to exec() with no sandboxing. Attackers can extract API keys for OpenAI, Anthropic, and AWS, enabling lateral movement. Langflow version 1.9.0 patches the issue. Security researchers warn that the window between advisory publication and active exploitation is now measured in hours, making scheduled patch cycles insufficient.
Sort: