Active Exploitation of Langflow Code Injection (CVE-2026-33017) Added to CISA KEV Catalog
What It Is – A code‑injection flaw in the open‑source Langflow platform (CVE‑2026‑33017) allows an attacker to inject arbitrary commands into the backend execution engine, potentially achieving remote code execution.
Exploitability – CISA has confirmed active exploitation in the wild and has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. A proof-of-concept exists; the CVSS v3.1 base score is currently 8.6 (High).
Affected Products – Langflow (any version prior to the vendor‑released patch). The vulnerability impacts deployments that expose the Langflow web UI or API to untrusted input.
TPRM Impact – Organizations that embed Langflow in internal tools, SaaS offerings, or as part of a larger AI/ML pipeline face supply‑chain risk: a compromised Langflow instance can be leveraged to pivot into downstream services, exfiltrate data, or disrupt business processes.
Recommended Actions –
- Inventory all Langflow instances across the enterprise and third‑party services.
- Apply the vendor-released patch immediately; if it cannot be applied yet, block external access to the Langflow UI/API until it is.
- Align remediation with the CISA BOD 22-01 deadline: remediate by the due date listed in the KEV catalog entry.
- Conduct post‑remediation testing to verify the injection vector is mitigated.
- Update vulnerability‑management playbooks to prioritize KEV catalog items.
Source: CISA Advisory – CVE-2026-33017