Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours
Summary
CVE-2026-33017, a critical vulnerability in the Langflow AI framework with a CVSS score of 9.3, was exploited approximately 20 hours after public disclosure. It allows unauthenticated remote code execution targeting AI agent credentials and databases.
Threat Analysis
A critical vulnerability in Langflow, an open-source framework for AI agents and workflows, was exploited by threat actors within 20 hours of public disclosure. Tracked as CVE-2026-33017 with a CVSS score of 9.3, the flaw allows unauthenticated remote code execution. It exists in a POST endpoint that permits the creation of public flows without authentication: an attacker can supply malicious Python code in the data parameter of node definitions, and that code is then executed without sandboxing.

Sysdig observed exploitation attempts from six unique source IPs within 48 hours, with initial mass scans followed by active reconnaissance and data exfiltration. The exploitation targeted keys and credentials to access connected databases, potentially setting the stage for supply chain attacks.

Organizations using Langflow must immediately update to the patched version and audit their systems for unauthorized access. This incident highlights the extremely short window between vulnerability disclosure and active exploitation in modern cloud-native environments.
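
As part of the audit for unauthorized access, captured request bodies can be checked for node definitions that carry Python code. The following is an added example, not code from Sysdig or the Langflow project: it walks a decoded JSON body and flags code strings that use imports or calls a flow component rarely needs. The JSON field names, the watch lists and the sample body are constructed assumptions, not Langflow's actual schema.

```python
import ast
import json

# Assumed watch lists; tune them to what your own flow components legitimately use.
RISKY_MODULES = {"os", "subprocess", "socket", "urllib", "requests", "base64"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__"}

def risky_features(source):
    """Return sorted risky imports/calls in a string; [] if it is not Python or is clean."""
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError, RecursionError):
        return []
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]
        else:
            names = []
        found |= {"import " + n for n in names if n.split(".")[0] in RISKY_MODULES}
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                found.add("call " + node.func.id)
    return sorted(found)

def scan_flow_body(body, path="$"):
    """Walk decoded JSON and yield (json_path, findings) for every flagged string."""
    if isinstance(body, dict):
        for key, value in body.items():
            yield from scan_flow_body(value, f"{path}.{key}")
    elif isinstance(body, list):
        for index, value in enumerate(body):
            yield from scan_flow_body(value, f"{path}[{index}]")
    elif isinstance(body, str):
        findings = risky_features(body)
        if findings:
            yield path, findings

def audit(raw_body):
    """Parse one raw request body and return all findings as a list."""
    return list(scan_flow_body(json.loads(raw_body)))

# Constructed sample body; the field names are illustrative only.
SAMPLE_BODY = json.dumps({"name": "demo flow", "data": {"nodes": [
    {"id": "n1", "data": {"code": "def build(text):\n    return text.upper()\n"}},
    {"id": "n2", "data": {"code": "import os\nv = eval(os.environ.get('EXAMPLE', '0'))\n"}},
]}})

if __name__ == "__main__":
    for where, findings in audit(SAMPLE_BODY):
        print(where, findings)
```

A finding is a lead for review, not proof of compromise, and an empty result does not clear a request, since code can reach the same functionality through names that are not on the watch lists.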