{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ai-pipeline/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["langflow","rce","cve-2026-33017","ai-pipeline"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical remote code execution vulnerability, CVE-2026-33017, affects Langflow AI pipelines prior to version 1.9.0. Langflow is a tool used for building and deploying AI-powered agents and workflows. The vulnerability resides in the \u003ccode\u003ebuild_public_tmp\u003c/code\u003e endpoint, which is intended to be unauthenticated for public flows. However, it incorrectly accepts attacker-supplied flow data, leading to remote code execution with full server process privileges. The vulnerability can be exploited by an…\u003c/p\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-langflow-rce/","summary":"A critical remote code execution vulnerability, CVE-2026-33017, exists in Langflow AI pipelines prior to version 1.9.0 that allows an unauthenticated remote attacker to execute code with full server process privileges, impacting availability, integrity, and confidentiality.","title":"Critical RCE Vulnerability in Langflow AI Pipelines (CVE-2026-33017)","url":"https://feed.craftedsignal.io/briefs/2026-03-langflow-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Ai-Pipeline","version":"https://jsonfeed.org/version/1.1"}