critical advisory March 24, 2026

Critical RCE Vulnerability in Langflow AI Pipelines (CVE-2026-33017)

A critical remote code execution vulnerability, CVE-2026-33017, exists in Langflow AI pipelines prior to version 1.9.0 that allows an unauthenticated remote attacker to execute code with full server process privileges, impacting availability, integrity, and confidentiality.

A critical remote code execution vulnerability, CVE-2026-33017, affects Langflow AI pipelines prior to version 1.9.0. Langflow is a tool used for building and deploying AI-powered agents and workflows. The vulnerability resides in the build_public_tmp endpoint, which is intended to be unauthenticated for public flows. However, it incorrectly accepts attacker-supplied flow data, leading to remote code execution with full server process privileges. The vulnerability can be exploited by an…

Detection coverage 2

Langflow Suspicious Process Execution

high

Detects suspicious processes spawned by the Langflow process, indicative of potential RCE exploitation

sigma tactics: execution techniques: T1059.004 sources: process_creation, linux

Langflow Reconnaissance Activity

medium

Detects potential scanning or reconnaissance attempts against Langflow instances.

sigma tactics: reconnaissance techniques: T1046 sources: network_connection, linux

Detection queries are kept inside the platform. Get full rules →