Caveat: you won't see this without process execution logging with command lines on your pipeline hosts.

CVE-2025-3248 — Langflow's /api/v1/validate/code executes user-supplied Python before auth. CVSS 9.8. CISA KEV.

Post-RCE, attackers run printenv. Langflow holds LLM API keys, database connection strings, and cloud credentials in the process environment. High cred density in a single process.

thehackernews.com/2026/03/crit...

20 hours to exploitation in the wild! No public POC!
AI orchestration tools like this have 1 layer of defense, when it fails, its full 0-auth arbitrary code execution. If you have this exposed, consider it compromised.

#aisecuritty #cve-2026-33017 #zeroday

Introducing Huntable CTI Studio Huntable CTI Studio Huntable CTI Studio is an AI-assisted workbench for detection engineers and threat hunters. It helps turn open-source threat intelligence into Sigma rules you can validate, revi…

Meet Huntable CTI Studio: AI-assisted workbench for turning intel into detection rules! LLMs accelerates tedious extraction tasks freeing you up to handle the nuanced, human-reasoning heavy analysis. Transparent pipelines, human oversight, tunable agents.
bit.ly/3OqKkI3 #DFIR #ThreatHunting

Introducing Huntable CTI Studio Huntable CTI Studio Huntable CTI Studio is an AI-assisted workbench for detection engineers and threat hunters. It helps turn open-source threat intelligence into Sigma rules you can validate, revi…

Meet Huntable CTI Studio: AI-assisted workbench for turning intel into detection rules! LLMs accelerates tedious extraction tasks freeing you up to handle the nuanced, human-reasoning heavy analysis. Transparent pipelines, human oversight, tunable agents.
bit.ly/3OqKkI3