Langflow

If you’re running Langflow and haven’t patched yet, stop reading and go patch. Then come back. A critical vulnerability in Langflow — CVE-2026-33017 (CVSS 9.3) — enables unauthenticated remote code execution, and threat actors began exploiting it in the wild within 20 hours of public disclosure on March 20, 2026. That’s not a theoretical risk. That’s active attacks happening right now. What the Vulnerability Does The flaw lives in a single endpoint: ...

CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment. Step 1: Confirm Your Current Version Check your installed Langflow version: pip show langflow | grep Version # or if running in Docker: docker exec <container_name> pip show langflow | grep Version If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...