CISA adds actively exploited Langflow flaw to KEV as unauthenticated RCE risk grows

CISA has added CVE-2026-33017, a critical Langflow vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The flaw affects Langflow, an open-source low-code platform used to build AI and large language model workflows, and it can let unauthenticated attackers execute arbitrary code through a public flow-building endpoint. The risk is serious because the […] The post CISA adds actively exploited Langflow flaw to KEV as unauthenticated RCE risk grows appeared first on VPN Central.