Intelligence: high | Vulnerability | Active

Langflow Code Injection Added to CISA KEV Catalog as Active Exploitation Confirmed

CISA has added CVE-2026-33017, a code injection vulnerability in Langflow, to its Known Exploited Vulnerabilities Catalog based on confirmed active exploitation. Code injection vulnerabilities represent a direct path to remote code execution and are frequently weaponised by threat actors.

Sebastion

CVE References: CVE-2026-33017

Affected: Langflow

CISA's addition of CVE-2026-33017 to the Known Exploited Vulnerabilities Catalog signals that this Langflow code injection vulnerability is not theoretical. Active exploitation has been observed in the wild, which places it in the highest priority band for defenders working under Binding Operational Directive 22-01.

Code injection vulnerabilities in end-user-focused applications like Langflow present a particular risk because they sit at the boundary between user-controlled input and system execution contexts. Langflow is a low-code platform for building language model applications, so it is often deployed by organisations with limited security maturity that may not be equipped to patch rapidly or to detect exploitation attempts.

The vulnerability allows attackers to inject and execute arbitrary code, nearly always resulting in complete system compromise. In the context of Langflow deployments, this could provide access to stored API keys, model configurations, and user data. For organisations using Langflow in production workflows, compromise could also cascade into connected systems and data pipelines.

Defenders should immediately identify Langflow instances in their environment and apply available patches without delay. This is particularly urgent for organisations running Langflow with internet-facing interfaces or within network segments containing sensitive data. Monitor logs for suspicious input patterns or unexpected code execution activity. Organisations unable to patch immediately should consider temporary network isolation or access restrictions.
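One way to act on the "unexpected code execution activity" point above is to watch the process tree beneath the Langflow service: a web application has no routine reason to launch shells or download tools. The following is an added example, not code from the advisory or from the Langflow project. It assumes process telemetry as dicts with pid, ppid, exe and cmdline fields (as an EDR or auditd export might provide); the events, the "langflow run" invocation and the port are constructed for illustration.

```python
"""Added example, not code from the advisory or the Langflow project: flag
shells and download tools spawned beneath a Langflow service process.

Assumptions (hypothetical): process events are dicts with pid, ppid, exe and
cmdline fields, and the Langflow service is identified by the string
"langflow" in its command line. SAMPLE_EVENTS is constructed telemetry.
"""
from collections import defaultdict

# Child executables a low-code web service has no routine reason to launch.
# Tune for your deployment; custom components may need explicit exceptions.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "ncat", "perl"}

# Constructed sample: a Langflow service (100) with a worker (101) that spawned
# a shell and a download tool; an unrelated admin shell (300) and another
# Python app (400) that also spawned a shell, neither of which should be flagged.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "exe": "/usr/local/bin/langflow", "cmdline": "langflow run --port 7860"},
    {"pid": 101, "ppid": 100, "exe": "/usr/local/bin/langflow", "cmdline": "langflow run --port 7860"},
    {"pid": 200, "ppid": 101, "exe": "/bin/sh",                 "cmdline": "sh -c id"},
    {"pid": 201, "ppid": 200, "exe": "/usr/bin/curl",           "cmdline": "curl http://example.invalid/"},
    {"pid": 300, "ppid": 1,   "exe": "/usr/bin/bash",           "cmdline": "bash"},
    {"pid": 400, "ppid": 1,   "exe": "/usr/bin/python3",        "cmdline": "python3 /opt/other/app.py"},
    {"pid": 401, "ppid": 400, "exe": "/bin/sh",                 "cmdline": "sh -c ls"},
]


def is_langflow_process(event):
    """Heuristic service identification; prefer a service-account or cgroup
    check if your telemetry carries one."""
    return "langflow" in event["cmdline"].lower()


def find_suspicious_descendants(events):
    """Return one finding per suspicious process found anywhere in the
    process tree rooted at a Langflow process, sorted by pid."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    findings = []
    seen = set()  # a worker is itself a Langflow process; do not double-report
    for root in events:
        if not is_langflow_process(root):
            continue
        stack = list(children[root["pid"]])
        while stack:
            child = stack.pop()
            stack.extend(children[child["pid"]])
            if child["pid"] in seen:
                continue
            name = child["exe"].rsplit("/", 1)[-1]
            if name in SUSPICIOUS_CHILDREN:
                seen.add(child["pid"])
                findings.append({
                    "pid": child["pid"],
                    "exe": child["exe"],
                    "cmdline": child["cmdline"],
                    "service_pid": root["pid"],
                })
    return sorted(findings, key=lambda f: f["pid"])


if __name__ == "__main__":
    for f in find_suspicious_descendants(SAMPLE_EVENTS):
        print(f"pid {f['pid']} under langflow pid {f['service_pid']}: {f['cmdline']}")
```

The walk starts at every Langflow process rather than only the top-level service so that activity under forked workers is still attributed to the service; the seen set prevents the same child being reported once per ancestor.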

The inclusion in CISA's catalog also signals that federal partners and contractors using Langflow face compliance obligations to remediate. This will likely accelerate patch adoption across enterprise deployments and may prompt security vendors to develop detection content. The broader lesson is that low-code and no-code platforms, whilst improving development velocity, introduce new attack surfaces that security teams must actively monitor.
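Turning a KEV addition into a remediation queue means joining the catalog entry against an asset inventory and ranking unpatched hosts by exposure and due date. The script below is an added example, not from the advisory or from CISA: it uses the field names of CISA's published KEV JSON feed (cveID, vendorProject, product, dueDate), but the record's dates and description text are placeholders, the inventory is a hypothetical CMDB export, and the segment names are a local convention.

```python
"""Added example, not from the advisory or from CISA: cross-reference an asset
inventory against Known Exploited Vulnerabilities entries and rank remediation
work by exposure, segment sensitivity and BOD 22-01 due date.

Assumptions: KEV_FEED mirrors the field names of CISA's JSON feed but its
dates and wording are placeholders; INVENTORY is a hypothetical CMDB export;
SENSITIVE_SEGMENTS is a local naming convention.
"""
import json
from datetime import date

KEV_FEED = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2026-33017",
    "vendorProject": "Langflow",
    "product": "Langflow",
    "vulnerabilityName": "Langflow Code Injection Vulnerability",  # placeholder wording
    "dateAdded": "2026-01-01",  # placeholder date
    "dueDate": "2026-01-22",    # placeholder date
    "knownRansomwareCampaignUse": "Unknown",
}]})

# Constructed inventory: three unpatched Langflow hosts with different
# exposure, one already patched, and one unrelated product.
INVENTORY = [
    {"host": "lf-prod-01", "product": "Langflow", "internet_facing": True,  "segment": "dmz",        "patched": False},
    {"host": "lf-dev-02",  "product": "Langflow", "internet_facing": False, "segment": "dev",        "patched": False},
    {"host": "lf-data-03", "product": "Langflow", "internet_facing": False, "segment": "data-store", "patched": False},
    {"host": "lf-lab-04",  "product": "Langflow", "internet_facing": True,  "segment": "lab",        "patched": True},
    {"host": "web-05",     "product": "nginx",    "internet_facing": True,  "segment": "dmz",        "patched": False},
]

SENSITIVE_SEGMENTS = {"data-store", "finance"}


def load_kev(feed_text):
    """Index KEV entries by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def interim_action(asset):
    """Compensating control to apply until the patch lands, per the advisory's
    guidance on exposure and sensitive segments."""
    if asset["internet_facing"]:
        return "patch now; until patched, remove internet exposure or restrict access to an allowlist"
    if asset["segment"] in SENSITIVE_SEGMENTS:
        return "patch now; until patched, isolate from the sensitive segment"
    return "patch before the KEV due date"


def remediation_plan(kev, inventory, today):
    """Unpatched assets matching a KEV product, ranked most urgent first."""
    plan = []
    for entry in kev.values():
        for asset in inventory:
            if asset["product"].lower() != entry["product"].lower() or asset["patched"]:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            plan.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "days_until_due": days_left,
                "overdue": days_left < 0,
                "action": interim_action(asset),
                # exposure first, then sensitive segment, then nearest due date
                "_rank": (asset["internet_facing"], asset["segment"] in SENSITIVE_SEGMENTS, -days_left),
            })
    plan.sort(key=lambda p: p["_rank"], reverse=True)
    for p in plan:
        del p["_rank"]
    return plan


if __name__ == "__main__":
    for p in remediation_plan(load_kev(KEV_FEED), INVENTORY, date.today()):
        print(f"{p['host']}: {p['cve']} due in {p['days_until_due']}d -> {p['action']}")
```

Matching on the KEV product field is deliberately coarse; a real inventory join should also compare installed versions against the fixed version once the vendor publishes it.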