A critical vulnerability in Langflow, identified as CVE-2026-33017, has been actively exploited in the wild, marking it as a zero-day threat. The flaw, which affects versions prior to 1.9.0, allows attackers to build public AI-powered workflows without authentication via the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. This endpoint, when supplied with an optional data parameter, can be manipulated to execute arbitrary code, making it a severe security risk.
With a CVSS score of 9.8, this vulnerability is classified as critical, and its exploitation was detected within 20 hours of its disclosure on March 20, 2026. The vulnerability is listed in the Known Exploited Vulnerabilities (KEV) catalog as of March 25, 2026, underscoring its significance and the urgency for remediation.
The exploitation of CVE-2026-33017 is facilitated by the availability of at least 14 proof-of-concept exploits, which have likely contributed to its rapid adoption by threat actors. The Endpoint Protection Security Score (EPSS) for this vulnerability is 0.035, indicating a moderate likelihood of exploitation, yet the real-world impact has been immediate and significant.
Langflow users are urged to upgrade to version 1.9.0 or later to mitigate this vulnerability. Security teams should prioritize patching and monitor for any signs of compromise, particularly unauthorized access attempts to the affected API endpoint. Given the critical nature of this flaw and its active exploitation, swift action is necessary to protect systems from potential breaches.
CSURFACE