Critical Langflow Flaw Draws Attackers Within 20 Hours of Disclosure as AI Pipeline Security Gaps Widen
CVE-2026-33017, a CVSS 9.3 unauthenticated RCE in the open-source AI framework Langflow, was weaponized within 20 hours of its March 17 advisory with no public exploit code available.
4 min read2 sources