CISA Added Langflow Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-33017)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently acknowledged active exploitation of a Langflow vulnerability. Tracked as CVE-2026-33017, the vulnerability may allow an unauthenticated remote attacker to execute arbitrary code on the target system.

CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before April 8, 2025.

Langflow is an open-source, low-code platform that uses a visual, drag-and-drop interface to build, prototype, and deploy AI applications and workflows. It enables users to connect components like large language models (LLMs), vector databases, APIs, and custom logic into functional AI systems without extensive coding.

Vulnerability Details

The vulnerability exists in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint, which builds public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses the attacker-controlled flow data from the request instead of the stored flow data from the database. Code embedded in that attacker-supplied flow data is then passed to exec() with no sandboxing, resulting in unauthenticated remote code execution.

Prerequisites

  1. The target Langflow instance must contain at least one public flow (common for demos, chatbots, and shared workflows).
  2. The attacker must know the public flow’s UUID (discoverable via shared links/URLs).
  3. No authentication required — only a client_id cookie (any arbitrary string value).

When AUTO_LOGIN=true (the default), all prerequisites can be met by an unauthenticated attacker:

  1. GET /api/v1/auto_login → obtain superuser token.
  2. POST /api/v1/flows/ → create a public flow.
  3. Exploit via build_public_tmp without any auth.

Affected Versions

The vulnerability affects Langflow versions up to 1.8.1.
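As an added example (not code from Qualys or the Langflow project), the script below pairs the endpoint pattern from the vulnerability details with the version cutoff above: it flags access-log hits on the public-flow build and auto_login endpoints and compares a reported Langflow version numerically against the 1.9.0 fix. The log lines, IPs and flow UUID are constructed, and treating every version below 1.9.0 as affected is an assumption.

```python
import re
from typing import Optional

# Fix landed in 1.9.0; every earlier version is treated as affected (assumption).
FIXED_VERSION = (1, 9, 0)

# Request-line patterns for the endpoints named in the write-up, with a triage reason.
WATCHED_ENDPOINTS = [
    (re.compile(r"^POST /api/v1/build_public_tmp/[0-9a-fA-F-]{36}/flow\b"),
     "unauthenticated public-flow build (CVE-2026-33017 vector)"),
    (re.compile(r"^GET /api/v1/auto_login\b"),
     "auto_login token request (AUTO_LOGIN=true exposure)"),
]

# Combined-format access log: client IP, timestamp, quoted request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]+)" (?P<status>\d{3})')

# Constructed sample lines (documentation IPs, made-up flow UUID), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Apr/2026:10:11:58 +0000] "GET /api/v1/auto_login HTTP/1.1" 200 318',
    '203.0.113.7 - - [06/Apr/2026:10:12:01 +0000] "POST /api/v1/build_public_tmp/'
    '3f2a9c1e-6b7d-4e21-9c3a-1d2e3f4a5b6c/flow HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/Apr/2026:10:13:22 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048',
]

def parse_version(version: str) -> tuple:
    """'1.8.1' -> (1, 8, 1); pads to three parts and drops suffixes such as 'rc1'."""
    nums = [re.match(r"\d+", p) for p in version.split(".")[:3]]
    parts = [int(m.group()) for m in nums if m]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version: str) -> bool:
    """Numeric compare, so '1.10.0' is newer than '1.9.0' (a string compare gets it wrong)."""
    return parse_version(version) < FIXED_VERSION

def triage_line(line: str) -> Optional[dict]:
    """Return a finding for a line that hits a watched endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    for pattern, reason in WATCHED_ENDPOINTS:
        if pattern.match(m.group("req")):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "status": int(m.group("status")), "reason": reason}
    return None

def triage(lines) -> list:
    """Run triage_line over an iterable of log lines and keep only the hits."""
    return [f for f in map(triage_line, lines) if f is not None]
```

A hit on build_public_tmp from a client that never authenticated, or an auto_login request on an instance that should not be exposed, is the signal to check the running version and review the public flows that exist.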

Mitigation

Users must upgrade to Langflow version 1.9.0 or later to patch the vulnerability.

For more information, please refer to the Langflow Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 733892 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx