CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical code-injection vulnerability discovered within Langflow.
Tracked as CVE-2026-33017, this severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following verified evidence of active exploitation in the wild.
Network defenders and organisations utilising Langflow in their development pipelines are strongly advised to take immediate action to secure their environments against potential network compromise.
Technical Vulnerability Details
CVE-2026-33017 exposes Langflow instances to significant security risks by enabling unauthenticated users to execute arbitrary code.
Developers widely use Langflow as a visual framework for building large language model (LLM) applications and pipelines.
This specific vulnerability allows malicious actors to build public flows without requiring any authentication credentials.
By bypassing standard security checkpoints, attackers can inject and run malicious scripts directly within the application environment with alarming ease.
The flaw is rooted in multiple security weaknesses, primarily the improper control of code generation (CWE-94) and the improper evaluation of injected directives (CWE-95).
These issues are severely compounded by a complete lack of authentication mechanisms for critical system functions (CWE-306), granting attackers immediate access.
- CVE Identifier: CVE-2026-33017
- Affected Software: Langflow
- Vulnerability Type: Code Injection and Missing Authentication
- Date Added to KEV: March 25, 2026
- Remediation Deadline: April 8, 2026
- Ransomware Status: Currently unknown if used in ransomware campaigns
In response to the active exploitation of this flaw, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply necessary mitigations by April 8, 2026.
While the Binding Operational Directive (BOD) 22-01 applies strictly to federal networks, CISA strongly urges all private and public sector organisations to treat this vulnerability with the same level of urgency.
System administrators must immediately implement the mitigations per the vendor’s official instructions.
If a patch or effective mitigation strategy is currently unavailable for a specific deployment, organisations are advised to follow applicable BOD 22-01 guidance for cloud services or temporarily discontinue the use of the product.
The integration of AI and workflow tools into modern development makes them highly attractive targets for cybercriminals.
Allowing unauthorized users to manipulate these AI flows could lead to rapid data exfiltration, lateral network movement, or the compromise of connected infrastructure.