CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
A critical vulnerability in Langflow, an open-source visual framework for AI agents and RAG pipelines, was disclosed on March 17, 2026. The vulnerability, CVE-2026-33017, allows unauthenticated remote code execution on exposed Langflow instances. Within 20 hours, exploitation attempts were observed in the wild: attackers rapidly developed working exploits from the advisory description and began scanning for vulnerable instances. The Sysdig Threat Research Team deployed honeypots to monitor the attacks and observed automated scanning, custom exploit scripts, and data harvesting. The rapid exploitation highlights the accelerating trend toward shorter time-to-exploit for vulnerabilities, which poses significant challenges for defenders. The attackers targeted high-value data and API keys, with the potential for software supply chain compromise.
Pulse ID: 69bd18a61f631ff045510990
Pulse Link: https://otx.alienvault.com/pulse/69bd18a61f631ff045510990
Pulse Author: AlienVault
Created: 2026-03-20 09:51:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #HoneyPot #InfoSec #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #SupplyChain #Vulnerability #bot #AlienVault
