{"id":225818,"date":"2026-03-20T11:15:00","date_gmt":"2026-03-20T15:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/20\/critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure\/"},"modified":"2026-03-20T16:45:08","modified_gmt":"2026-03-20T20:45:08","slug":"critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/20\/critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure\/","title":{"rendered":"Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/critical-langflow-flaw-cve-2026-33017.html\">Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/critical-langflow-flaw-cve-2026-33017.html\">https:\/\/thehackernews.com\/2026\/03\/critical-langflow-flaw-cve-2026-33017.html<\/a><\/p>\n<p>Publish Date: 2026-03-20 11:15:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities.<\/p>\n<p>The security defect, tracked as <strong>CVE-2026-33017<\/strong> (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution.<\/p>\n<p>&#8220;The POST \/api\/v1\/build_public_tmp\/{flow_id}\/flow endpoint allows building public flows without requiring authentication,&#8221; according to Langflow&#8217;s advisory for the flaw.<\/p>\n<p>&#8220;When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary 
Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution.&#8221;<\/p>\n<p>The vulnerability affects all versions of the open-source artificial intelligence (AI) platform prior to and including 1.8.1. It has since been addressed in the development version 1.9.0.dev8.<\/p>\n<p>Security researcher Aviral Srivastava, who discovered and reported the flaw on February 26, 2026, said it&#8217;s distinct from CVE-2025-3248 (CVSS score: 9.8), another critical bug in Langflow, in the \/api\/v1\/validate\/code endpoint, that could be exploited to execute arbitrary Python code without requiring any authentication. It has since come under active exploitation, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA).<\/p>\n<p>&#8220;CVE-2026-33017 is in \/api\/v1\/build_public_tmp\/{flow_id}\/flow,&#8221; Srivastava explained, adding that the root cause stems from the use of the same exec() call as CVE-2025-3248 at the end of the chain.<\/p>\n<p>&#8220;This endpoint is designed to be unauthenticated because it serves public flows. You can&#8217;t just add an auth requirement without breaking the entire public flows feature. 
The real fix is removing the data parameter from the public endpoint entirely, so public flows can only execute their stored (server-side) flow data&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/critical-langflow-flaw-cve-2026-33017.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure https:\/\/thehackernews.com\/2026\/03\/critical-langflow-flaw-cve-2026-33017.html Publish Date: 2026-03-20&#8230;<\/p>\n","protected":false},"author":1,"featured_media":225819,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi2uKC6w30P_dGu6jY7cfDW9xY9ElBbdwmshMQwltpgGrYMyN9TOPaFRbeHh_KM9QUBB7g77BpRq559AtmaDLBFgbxMV_ctMYqQmlaKukZe-LaiyEY_S675PLWqSbGJnjh3_g59EhNTTgjMGxnk-YZjjzX6D7dXOiWklwr_tUnd5sMSp15Q6kKVtYJ4isnF\/s16000\/langflow.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,27],"class_list":["post-225818","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225818"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225818"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225818\/revisions"}],"predecessor-version":[{"id":225820,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v
2\/posts\/225818\/revisions\/225820"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225819"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}