Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency…
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency…
CVE-2025-3248 is a critical Langflow vulnerability (CVSS 9.8) that was exploited in June 2025 to distribute the Flodrix botnet malware, highlighting ongoing…
Flodrix is a botnet malware that was distributed via exploitation of CVE-2025-3248 in Langflow in June 2025, demonstrating the ongoing targeting of…
A high-severity path traversal vulnerability in Langflow, designated CVE-2026-5027 (CVSS 8.8), is being actively exploited in the wild. Discovered by Tenable, the…
A Langflow vulnerability exploited earlier in 2026 as part of a series of attacks targeting the AI platform.
CVE-2026-33017 is an unauthenticated remote code execution vulnerability in Langflow with a CVSS score of 9.3. It allows threat actors to execute…
A Langflow vulnerability exploited in 2026, part of a broader campaign targeting the platform.
Langflow is an AI application development platform that has been targeted by threat actors exploiting critical RCE vulnerabilities (CVE-2026-33017, CVE-2025-3248) to deploy…
A high-severity path traversal vulnerability in Langflow (CVSS 8.8) allows unauthenticated remote code execution via the POST /api/v2/files endpoint. Discovered by Tenable…
Langflow Origin Validation Error Vulnerability Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of…