Critical Langflow flaw was exploited within 20 hours, exposing AI pipelines to unauthenticated RCE

A critical Langflow security flaw is already under active attack, and defenders had very little time to react. Langflow says CVE-2026-33017 allows unauthenticated remote code execution through its public flow build endpoint, while Sysdig says it saw the first real-world exploitation attempts roughly 20 hours after the advisory went live. The bug affects Langflow versions […] The post Critical Langflow flaw was exploited within 20 hours, exposing AI pipelines to unauthenticated RCE appeared first on VPN Central.