🔴 Critical | Source: The Hacker News
A critical unauthenticated remote code execution vulnerability in Langflow (CVE-2026-33017, CVSS 9.3) is being actively exploited by threat actors to install Monero cryptocurrency mining malware on exposed AI application endpoints. Langflow is a popular open-source platform for building AI workflows, and publicly accessible instances are being scanned and compromised at scale. The attack requires no authentication, making any internet-facing deployment an immediate target.
Security Architect’s Take: Audit your environment immediately for any internet-exposed Langflow instances and either apply the latest patch or take them offline. Enforce network-level controls (WAF, security groups, VPC isolation) so that Langflow is never directly reachable from the public internet, and implement egress filtering to detect unexpected outbound connections to mining pools.
Original advisory: Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints