CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-33017: Critical Langflow RCE Vulnerability

June 25, 2026

CVE-2026-33017 is an unauthenticated remote code execution vulnerability in Langflow with a CVSS score of 9.3. It allows threat actors to execute arbitrary Python code on exposed Langflow API endpoints, leading to initial access and deployment of malware such as cryptocurrency miners.