CVE-2026-33017 – Langflow
“When AI workflow tools are exposed, attackers don’t just access data—they can control the logic behind it.”
Langflow addresses a critical vulnerability that exposes AI-driven workflows to compromise. CVE-2026-33017 carries a CVSS score of 9.3, rated Critical. The issue allows attackers to gain unauthorized access and potentially manipulate or execute actions within the application, putting both data and automated processes at risk.
This vulnerability is actively exploited in the wild, increasing the urgency for remediation. Attackers can tamper with AI pipelines, inject malicious logic, or access sensitive inputs and outputs. In environments where Langflow is integrated into business processes, this can lead to corrupted results, data leakage, and loss of trust in automated decision-making systems.
Key Details
- Affected Product: Langflow Langflow
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-94