U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-03-26 17:07:00
Source Domain: securityaffairs.com
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini
March 26, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.
Langflow is a popular tool used for building agentic AI workflows.
CVE-2026-33017 is a critical flaw in Langflow (before v1.9.0) that allows attackers to execute arbitrary code without authentication. The public build endpoint accepts user-supplied data containing Python code, which is executed via exec() without sandboxing. This can lead to full system compromise.
“The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution.” reads the advisory. “This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.”
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and…
