CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow's public flow build endpoint that attackers weaponized within ~20 hours of disclosure to execute arbitrary Python and exfiltrate credentials. Sysdig's honeypots recorded rapid, multi-stage exploitation—nuclei-based scanning, custom Python exploit scripts, and staged dropper/C2 infrastructure—that harvested environment variables, .env files, and database artifacts. #Langflow #CVE-2026-33017

CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow’s public flow build endpoint, exploited within 20 hours to run arbitrary Python and steal credentials via multi-stage attacks. #Langflow #RemoteCode #Exploit2026