A serious flaw in Langflow, an open source framework for building AI agents, has been exploited in the wild. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-33017 to its list of Known Exploited Vulnerabilities (KEV).
Langflow said that version 1.9.0 of the framework fixed the problem, and users should upgrade to the new version as soon as possible. Sysdig researchers wrote in a blog post that organizations that patch critical flaws only on a set schedule will find that attackers get there first. "Now, for defenders, the time between 'advisory publication' and 'active exploitation' is measured in hours, not days or weeks," Sysdig said in a blog post last week.
To close "the gap between disclosure and remediation," the company talked about defensive measures like runtime detection, network segmentation, and the ability to respond quickly. "Threat actors are increasingly targeting AI workloads because they contain valuable data, give access to the software supply chain, and often lack strong security," the company said. The researchers also said that threat actors could get sensitive information from Langflow instances that were not secure, like keys and credentials, and that they might be able to move laterally to other databases and services that were connected.
They said that this flaw is different from another one that is easy to take advantage of and was used by threat actors last year to spread the Flodrix botnet.
The vulnerability stems from a problem with the POST "/api/v1/build_public_tmp/{flow_id}/flow" endpoint.
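For the runtime detection the researchers mention, a defender can start by listing who has sent POST requests to this endpoint. The script below is an added example, not code from the article, Sysdig or Langflow; it assumes a reverse proxy in front of Langflow writing common/combined-format access logs, and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Path named in the article; {flow_id} is matched as any single path segment.
ENDPOINT = re.compile(r"^/api/v1/build_public_tmp/([^/]+)/flow/?$")
# Assumption: common/combined access-log format.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_hits(lines):
    """Return one dict per POST request to the affected endpoint."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and decode percent-escapes before matching,
        # so encoded variants of the path are not missed.
        path = unquote(urlsplit(m["target"]).path)
        ep = ENDPOINT.match(path)
        if ep:
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "flow_id": ep.group(1), "status": int(m["status"])})
    return hits

def summarize(hits):
    """Group hits by client IP: request count, flow ids and status codes seen."""
    out = defaultdict(lambda: {"count": 0, "flow_ids": set(), "statuses": set()})
    for h in hits:
        entry = out[h["ip"]]
        entry["count"] += 1
        entry["flow_ids"].add(h["flow_id"])
        entry["statuses"].add(h["status"])
    return dict(out)

# Constructed sample log lines (documentation IP ranges, made-up flow ids).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2026:10:00:01 +0000] "POST /api/v1/build_public_tmp/aaaa-1111/flow HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2026:10:00:02 +0000] "GET /api/v1/build_public_tmp/aaaa-1111/flow HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2026:10:00:03 +0000] "POST /api/v1/build%5Fpublic_tmp/bbbb-2222/flow?x=1 HTTP/1.1" 500 87 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2026:10:00:04 +0000] "POST /some/other/path HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2026:10:00:05 +0000] "POST /api/v1/build_public_tmp/cccc-3333/flow/ HTTP/1.1" 403 0 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for ip, s in summarize(find_hits(SAMPLE)).items():
        print(ip, s["count"], sorted(s["flow_ids"]), sorted(s["statuses"]))
```

A hit is a lead for review rather than proof of compromise; compare the source addresses against clients expected to use public flows, and check whether the instance was running a version older than 1.9.0 at the time.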












