Authentication Bypass in Langflow Tool for AI-Powered Workflows
CVE-2026-33017

9.3 CRITICAL

Key Information:

Status
Vendor
CVE Published: 20 March 2026

Badges

📈 Trended · 📈 Score: 1,560 · 💰 Ransomware · 👾 Exploit Exists · 🟡 Public PoC · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2026-33017?

CVE-2026-33017 is a critical authentication bypass vulnerability in the Langflow Tool, specifically in its AI-powered workflow capabilities. Langflow is designed to help users build and deploy AI-driven agents and workflows, enabling organizations to streamline automated tasks and processes. In versions before 1.9.0, the endpoint that handles public flow creation does not require user authentication. This allows unauthenticated individuals to create public flows and inject malicious code through a manipulated data parameter. Because that code is not sandboxed, attacker-controlled code is executed directly, leading to remote code execution (RCE). Organizations running affected versions therefore face severe consequences, as adversaries can exploit this weakness to gain unauthorized access to, and control over, the underlying systems.
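The two ingredients the description names, an endpoint that skips authentication and a data parameter whose contents are executed without a sandbox, are easiest to see side by side. The following Python is an added, self-contained illustration written for this page; it is not Langflow's code and does not use Langflow's API or endpoint names. The request shape, the in-memory session table, the `data`/`code`/`nodes` field names and the allowlist of node types are all constructed assumptions. The vulnerable handler shows the pattern the advisory describes; the hardened handler authenticates first and then treats the flow strictly as data, validating it against an allowlist and storing it without ever evaluating it.

```python
"""Illustrative 'public flow creation' handlers: the vulnerable shape described
for CVE-2026-33017 beside a hardened one. Not Langflow's code; all names and
data shapes are constructed for this example."""
import hmac
import json

# Constructed session store: bearer token -> user id. A real service would
# consult its session backend instead.
SESSIONS = {"tok-alice-0001": "alice"}

# Node types a flow document may reference (allowlist, constructed).
ALLOWED_NODE_TYPES = {"prompt", "llm", "output"}


def authenticate(headers):
    """Return the user id for a valid bearer token, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    token = auth[len("Bearer "):]
    for known, user in SESSIONS.items():
        if hmac.compare_digest(token, known):  # constant-time comparison
            return user
    return None


def vulnerable_create_public_flow(request):
    """Vulnerable pattern: no authentication is performed, and a 'code' field
    inside the caller-controlled 'data' parameter is executed in-process."""
    data = request["json"].get("data", {})
    namespace = {}
    code = data.get("code")
    if code is not None:
        exec(code, namespace)  # dangerous sink: untrusted input runs unsandboxed
    defined = sorted(k for k in namespace if not k.startswith("__"))
    return {"status": 201, "executed": code is not None, "vars": defined}


def validate_flow(data):
    """Treat the flow as data: check its shape against an allowlist and never
    evaluate any of it. Returns an error string, or None when acceptable."""
    if not isinstance(data, dict):
        return "data must be an object"
    if "code" in data:
        return "executable code is not accepted in a flow definition"
    nodes = data.get("nodes")
    if not isinstance(nodes, list) or not nodes:
        return "flow must contain a non-empty nodes list"
    for node in nodes:
        node_type = node.get("type") if isinstance(node, dict) else None
        if node_type not in ALLOWED_NODE_TYPES:
            return f"unknown node type: {node_type!r}"
    return None


def hardened_create_public_flow(request):
    """Hardened pattern: authenticate before doing anything, then validate the
    flow document and persist it as an opaque JSON string."""
    user = authenticate(request["headers"])
    if user is None:
        return {"status": 401, "error": "authentication required"}
    data = request["json"].get("data")
    error = validate_flow(data)
    if error:
        return {"status": 400, "error": error}
    stored = json.dumps(data, sort_keys=True)  # stored, never executed
    return {"status": 201, "owner": user, "flow": stored}


if __name__ == "__main__":
    # Constructed request: no credentials, code smuggled through 'data'.
    hostile = {"headers": {}, "json": {"data": {"code": "marker = 1"}}}
    print(vulnerable_create_public_flow(hostile))  # code ran, no auth asked
    print(hardened_create_public_flow(hostile))    # 401, nothing executed
```

The order of checks in the hardened handler matters: authentication is decided before the body is even parsed, and the body is then constrained to a declarative shape, so a `code` field is rejected even for a legitimate user. Both fixes are needed; requiring authentication alone would still leave any authenticated account able to execute arbitrary code on the server.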

Potential impact of CVE-2026-33017

  1. Unauthorized Remote Code Execution: The core risk of CVE-2026-33017 is the potential for unauthorized remote code execution. Attackers can leverage this vulnerability to run arbitrary code on the server, leading to complete control over affected systems and the possible extraction of sensitive data or deployment of additional malicious software.

  2. Data Breaches: Exploiting this vulnerability can facilitate data breaches, as attackers may gain access to confidential information stored on the affected systems. This can result in financial losses, legal repercussions, and damage to an organization’s reputation, especially if customer data is compromised.

  3. Compromise of Internal Systems: The exploitation of CVE-2026-33017 can allow threat actors to not only access the Langflow platform but possibly pivot to compromise other internal systems connected to it. This lateral movement can enable a broader scope of attack, significantly amplifying the impact on an organization’s IT infrastructure.

CISA has reported CVE-2026-33017

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-33017 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

langflow < 1.9.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Critical Flaw in Langflow AI Platform Under Attack

Threat actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs.

3 weeks ago

References

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📈 Vulnerability started trending

  • 💰 Used in ransomware

  • 📰 First article discovered by Dark Reading

  • 🦅 CISA reported

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved
