CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline.

Patch now! Malicious code attacks on AI tool Langflow observed

A critical security vulnerability in Langflow allows attackers to push and execute malicious code on PCs. A security patch is available.
Infosecurity-magazine.com

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...
至顶头条 on MSN

关键Langflow漏洞CVE-2026-33017在披露20小时内引发攻击

Langflow平台存在严重安全漏洞CVE-2026-33017(CVSS评分9.3),该漏洞结合了缺失身份验证和代码注入问题,可导致远程代码执行。漏洞影响1.8.1及之前版本,攻击者可通过单个HTTP请求获得服务器完整权限。云安全公司Sysdig发现,该漏洞在3月17日公开披露后20小时内就遭到野外利用,攻击者直接根据安全公告构建了可用的漏洞利用工具,并开始扫描互联网寻找易受攻击的实例。