Particle.news

CISA Adds Actively Exploited Langflow RCE to KEV, Sets April 8 Deadline

CISA moved to mandate fixes after attackers abused a public build endpoint to run Python code without login.

Overview

  • CVE-2026-33017, which CISA added to its Known Exploited Vulnerabilities catalog Thursday, now carries an April 8 remediation deadline for federal civilian agencies.
  • The flaw lets anyone send a crafted request to Langflow’s public build endpoint that feeds attacker-supplied flow data into Python exec with no sandboxing, enabling remote code execution.
  • Researchers at Endor Labs and Sysdig reported exploitation within about 20 hours of the advisory’s publication, even though no public proof-of-concept existed; the attackers went on to steal .env and .db files containing keys and credentials.
  • Langflow maintainers fixed the issue in version 1.9.0, and guidance urges upgrading or restricting the vulnerable endpoint, keeping instances off the open internet, monitoring outbound traffic, and rotating exposed secrets.
  • The project’s broad use for wiring AI workflows into databases and APIs heightens risk because stolen credentials can unlock connected services and trigger downstream compromise.