anonhaven
Ad

CVE-2026-33017

CRITICAL CVSS 4.0: 9.3 EPSS 4.70% ACTIVE EXPLOIT
Updated Mar 26, 2026
Python

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Apr 08, 2026

Parameter Value
CVSS 9.3 (CRITICAL)
Affected Versions before 1.8.2
Fixed In 1.9.0
Type CWE-306 (Missing Authentication for Critical Function), CWE-95, CWE-94 (Code Injection)
Vendor Python
Public PoC Yes

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database.

This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.

This issue has been fixed in version 1.9.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function
CWE-95
CWE-94 Code Injection

Vulnerable Products 13

Configuration From (including) Up to (excluding)
Langflow Langflow
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
 <= 1.8.2
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev0:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev1:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev10:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev11:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev2:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev3:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev4:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev5:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev6:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev7:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev8:*:*:*:*:*:*
Langflow Langflow
cpe:2.3:a:langflow:langflow:1.9.0:dev9:*:*:*:*:*:*

References 8

https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
security-advisories@github.com
https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd4…
security-advisories@github.com
https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
security-advisories@github.com
https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-a…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/langflow-ai/langflow/releases/tag/1.8.2
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40260

Python

6.9

CVE-2026-40947

Python

2.9

CVE-2026-40192

Python

8.7

CVE-2026-40683

Python

7.7

CVE-2026-5713

Python

5.3