Rce

If you are running Flowise and have not upgraded to version 3.0.6 of the npm package, you are likely already compromised — or actively being probed. Researchers at VulnCheck have confirmed that CVE-2025-59528, a CVSS 10.0 (maximum severity) code injection vulnerability in the open-source AI agent builder Flowise, has been under active exploitation for over six months. Between 12,000 and 15,000 publicly exposed Flowise instances remain unpatched as of the time of reporting, according to data shared with The Hacker News and BleepingComputer. ...

If you’re running Langflow and haven’t patched yet, stop reading and go patch. Then come back. A critical vulnerability in Langflow — CVE-2026-33017 (CVSS 9.3) — enables unauthenticated remote code execution, and threat actors began exploiting it in the wild within 20 hours of public disclosure on March 20, 2026. That’s not a theoretical risk. That’s active attacks happening right now. What the Vulnerability Does The flaw lives in a single endpoint: ...

CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment. Step 1: Confirm Your Current Version Check your installed Langflow version: pip show langflow | grep Version # or if running in Docker: docker exec <container_name> pip show langflow | grep Version If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...

Security researchers dropped a cluster of critical findings today that should be on every agentic AI team’s radar. Vulnerabilities disclosed on March 17, 2026 affect three widely-used components of modern AI pipelines: Amazon Bedrock AgentCore, LangSmith, and SGLang — with the SGLang flaws scoring a maximum-tier 9.8 CVSS and allowing unauthenticated remote code execution. If your production agentic pipeline touches any of these systems, read this now. Amazon Bedrock: DNS Exfiltration Despite “No Network Access” BeyondTrust researchers revealed that Amazon Bedrock AgentCore’s Code Interpreter sandbox — marketed as network-isolated — actually permits outbound DNS queries. That’s a critical gap between what “no network access” implies and what it delivers. ...

If you use Claude Code in your development workflow, stop and read this before opening another repository. Check Point Research has disclosed two critical vulnerabilities — CVE-2026-21852 and CVE-2025-59536 — in Anthropic’s Claude Code agentic coding tool. The flaws allowed attackers to execute arbitrary code on a victim’s machine and exfiltrate API keys. The attack vector required only a malicious configuration file placed in a repository. The exploit triggered automatically — before the user saw or accepted the trust dialog. ...

Stop what you’re doing and update Claude Code. Check Point Research disclosed two critical vulnerabilities today — CVE-2025-59536 and CVE-2026-21852 — that can let an attacker execute code on your machine and steal your Anthropic API key simply by having you clone and open a malicious repository. No additional interaction required. No suspicious files to download. Just opening the wrong repo is enough. What Was Disclosed Check Point Research published full technical details on both CVEs affecting Claude Code, Anthropic’s AI-powered coding assistant: ...

OpenClaw Security Crisis: Six CVEs Patched, 40K Instances Exposed, and NanoClaw Rises Today is a tough day for OpenClaw’s security reputation — and an important one for anyone running the framework. Three interconnected stories broke simultaneously, painting a picture of an ecosystem under pressure: six newly-disclosed vulnerabilities, 40,000+ publicly exposed instances, and the rapid rise of a minimalist, security-first alternative called NanoClaw. Here’s the full picture, and what you need to do right now. ...

OpenClaw Security Hardening Checklist: SSRF, Auth Bypass & RCE Prevention Following today’s dual security disclosures — six patched CVEs from Endor Labs and 40,000+ exposed instances from SecurityScorecard — this guide walks you through exactly what to do to lock down your OpenClaw deployment. Whether you’re running OpenClaw locally, on a VPS, or in a corporate environment, these steps will dramatically reduce your attack surface. Bookmark this. Share it with your team. Run through it today. ...