Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

CVE-2026-33017 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-33017 | CVSS 9.8 (Critical) | Exploit: PoC available

What Is It

CVE-2026-33017 is an unauthenticated remote code execution vulnerability in Langflow, a platform for building and deploying AI-powered agents and workflows, affecting all versions prior to 1.9.0.

Technical Detail

The flaw exists in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint, which is designed to allow building of public flows and requires no authentication. When an attacker supplies an optional data parameter, the endpoint substitutes the stored flow definition with attacker-controlled content, which can include arbitrary Python code embedded in node definitions. This code is passed directly to Python's exec() function with no sandboxing or input validation, resulting in full remote code execution under the privileges of the Langflow process.

Exploitation Status

A proof-of-concept exploit is publicly available. This vulnerability has not been added to the CISA Known Exploited Vulnerabilities catalog as of the date of this briefing, and there is no confirmed evidence of active exploitation in the wild at this time. However, the low exploitation barrier, unauthenticated attack surface, and public PoC availability make weaponization likely in the near term.

Who Is Targeting This

No specific threat actor attribution at this time. No confirmed or reported threat actor activity has been associated with this CVE in available intelligence sources.

What To Do

Upgrade Langflow to version 1.9.0 or later immediately. Given the CVSS score of 9.8 and the availability of a public PoC, this should be treated as a priority patch. If immediate patching is not possible, restrict network access to the affected endpoint at the perimeter or reverse proxy layer, and ensure the Langflow service is not exposed to untrusted networks or the public internet. Detection efforts should focus on anomalous POST requests to the /api/v1/build_public_tmp/ endpoint path, particularly those originating from unexpected sources or containing large or structured data payloads. Monitor the Langflow process for unusual child process spawning or outbound network connections that may indicate post-exploitation activity.

All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →