THREAT SENTINEL
Back to Dashboard
VulnerabilitiesCritical

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Sunday, March 29, 2026
Global
CISA KEV

Summary

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

Threat Analysis

**Vulnerability ID:** CVE-2026-33017 **CVSS Score:** 9.0 (CRITICAL) **⚠️ ACTIVELY EXPLOITED** - Added to CISA KEV Catalog **Required Action:** Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. **Due Date:** 2026-04-08

**Description:** Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

**Affected Products:** Langflow Langflow

**Recent Coverage:** - [Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure](https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html)

**Recommended Actions:** - **URGENT:** Apply vendor patches immediately - Isolate affected systems if patches unavailable - Monitor for indicators of compromise

Last updated: Mar 29, 2026, 08:17 AM

Daily Intelligence

Stay Ahead of Threats

Subscribe to receive daily threat briefings delivered to your inbox. Be the first to know about emerging security risks.

No spamUnsubscribe anytimeDaily at 9 AM