CISA has flagged CVE-2026-33017, a critical RCE vulnerability (CVSS 9.3) in Langflow, the open-source low-code AI agent framework. The flaw exists in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint, which passes attacker-controlled flow data directly to Python's exec() function without sandboxing or authentication checks. A single crafted HTTP request is enough to compromise exposed instances. Successful exploitation could expose API keys for cloud providers, AI platforms, and code repositories, enabling lateral movement, database access, or supply chain attacks via CI/CD pipelines. The issue is fixed in Langflow version 1.9.0, and immediate upgrades are strongly advised.
Sort: