CVE-2026-33017: Langflow Code Injection Vulnerability Added to CISA KEV
Summary
CISA added CVE-2026-33017, a code injection vulnerability in Langflow, to its Known Exploited Vulnerabilities catalog on March 25, 2026. Langflow is a popular open-source platform for building AI-powered applications and workflows. The vulnerability could allow attackers to exploit publicly accessible Langflow deployments.
Threat Analysis
CVE-2026-33017 is a code injection vulnerability in Langflow, an open-source platform widely used for building AI-powered applications and multi-agent workflows. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 25, 2026, confirming active exploitation.
Affected Products: Langflow — a Python-based visual framework for building AI applications. The vulnerability affects deployments where the Langflow API is publicly accessible.
Exploitation Status: Actively exploited. The vulnerability allows attackers to inject and execute arbitrary code through Langflow's API endpoints, potentially compromising the underlying server and any AI models or data pipelines hosted on the platform.
Impact: Given Langflow's role in AI application development, exploitation could lead to theft of API keys, model weights, training data, and sensitive business logic. Attackers could also use compromised Langflow instances as pivot points for lateral movement.
Recommended Mitigations: Update Langflow to the latest patched version immediately. Restrict network access to Langflow instances — do not expose the API publicly without authentication. Implement API authentication and rate limiting. Review access logs for signs of unauthorized API calls. Consider placing Langflow behind a VPN or zero-trust access gateway.
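The log-review step in the mitigations above, as an added example that is not from the original advisory or from the Langflow project: it assumes a normalized access-log format (client IP, method, path, status, and whether a credential was present) such as a reverse proxy in front of Langflow could emit, an allowlist of networks from which API calls are expected, and /api/v1/ as the API prefix; every log line below is constructed.

```python
import ipaddress
import re

# Networks from which Langflow API calls are expected (assumed values for this example).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]

# Assumed API prefix; adjust to the routes your deployment actually serves.
API_PREFIX = "/api/v1/"

# Constructed sample lines: "<client-ip> <method> <path> <status> auth=<yes|no>".
SAMPLE_LOG = """\
10.0.3.7 POST /api/v1/flows/ 200 auth=yes
203.0.113.45 POST /api/v1/flows/ 200 auth=no
203.0.113.45 GET /api/v1/flows/ 401 auth=no
192.168.1.10 GET /health 200 auth=no
198.51.100.9 POST /api/v1/run/demo 200 auth=yes
not a log line
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) auth=(?P<auth>yes|no)$")

def parse_line(line):
    """Parse one normalized log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["auth"] = entry["auth"] == "yes"
    return entry

def is_allowed_source(ip):
    """True when the client address falls inside one of the expected networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)

def find_suspicious(log_text):
    """Return successful (2xx) API calls that were unauthenticated or came from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry["path"].startswith(API_PREFIX):
            continue
        if entry["status"] >= 300:  # rejected requests are not a compromise indicator by themselves
            continue
        reasons = []
        if not entry["auth"]:
            reasons.append("unauthenticated")
        if not is_allowed_source(entry["ip"]):
            reasons.append("outside allowlist")
        if reasons:
            findings.append((entry["ip"], entry["method"], entry["path"], ", ".join(reasons)))
    return findings
```

Run against real proxy logs, the two flagged categories are what the advisory's "restrict network access" and "implement API authentication" steps should drive to zero.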