CVE-2026-33017

high-risk
Published 2026-03-20

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Do I need to act?

~
5.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Langflow

References (8)

Third Party Advisory https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
Patch https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47...
Exploit https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
Release Notes https://github.com/langflow-ai/langflow/releases/tag/1.8.2
Exploit https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-i...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-...
Press/Media Coverage https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai...
Get this data via API
curl -H "Authorization: Bearer YOUR_KEY" \
  https://cyber.phasetransitions.ai/api/v1/cves/CVE-2026-33017
Free tier: 100 requests/day, no credit card.
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal