Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Langflow, a popular tool for building agentic AI workflows, to its Known Exploited Vulnerabilities catalog. The vulnerability allows attackers to execute arbitrary code without authentication, raising concerns about the security of organizations using this tool.
CISA has added a Langflow flaw (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog. The Langflow vulnerability allows attackers to execute arbitrary code without authentication, posing a significant risk to systems. The vulnerability can lead to full system compromise due to the use of user-supplied data containing Python code without sandboxing. Federal agencies must fix the vulnerability by April 8, 2026, according to CISA's Binding Operational Directive (BOD) 22-01. Private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure.
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
The cybersecurity landscape is constantly evolving, with new vulnerabilities and threats emerging every day. In recent times, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been actively working to inform organizations about critical flaws in various software tools that could leave them vulnerable to cyber attacks. In this context, CISA has added a Langflow flaw to its Known Exploited Vulnerabilities catalog. This development highlights the importance of maintaining up-to-date security protocols and keeping track of newly discovered vulnerabilities.
Langflow is a popular tool used for building agentic AI workflows. It provides developers with a robust framework to create complex AI models, ensuring seamless integration with other tools and systems. However, this increased functionality also comes with its own set of security concerns.
A recent addition to the CISA catalog, CVE-2026-33017 is a critical flaw in Langflow (before v1.9.0) that allows attackers to execute arbitrary code without authentication. The public build endpoint accepts user-supplied data containing Python code, which is executed via exec() without sandboxing. This can lead to full system compromise.
The advisory released by CISA states that the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution.
This vulnerability differs from a previously identified flaw, CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.
According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by April 8, 2026. This deadline underscores the gravity of the situation, emphasizing the need for prompt action on this critical flaw in Langflow.
Furthermore, it is essential to note that a similar vulnerability was identified just last year, CVE-2025-3248, which had a higher CVSS score (9.8). Researchers from cybersecurity firm Horizon3.ai discovered this vulnerability and highlighted its ease of exploitation.
The recent addition of the Langflow flaw to the CISA catalog serves as a reminder to organizations of the importance of maintaining robust security protocols. As the threat landscape continues to evolve, it is crucial for developers and users alike to stay informed about newly discovered vulnerabilities and take necessary steps to mitigate them.
In conclusion, the Langflow vulnerability highlights the need for continuous vigilance in the cybersecurity community. By staying up-to-date on the latest vulnerabilities and taking prompt action to address them, organizations can minimize their risk of falling victim to cyber attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Langflow-Vulnerability-A-Critical-Flaw-in-AI-Workflow-Tool-Raises-Concerns-About-Cybersecurity-ehn.shtml
https://securityaffairs.com/190018/security/u-s-cisa-adds-a-langflow-flaw-to-its-known-exploited-vulnerabilities-catalog.html
https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/
https://cyberpress.org/langflow-code-injection-flaw/
https://nvd.nist.gov/vuln/detail/CVE-2025-3248
https://www.cvedetails.com/cve/CVE-2025-3248/
https://nvd.nist.gov/vuln/detail/CVE-2026-33017
https://www.cvedetails.com/cve/CVE-2026-33017/
Published: Thu Mar 26 17:36:41 2026 by llama3.2 3B Q4_K_M
