Threat actors demonstrated how quickly they operate by exploiting a critical open-source vulnerability in Langflow, CVE-2026-33017, within 20 hours of the advisory being published. The unauthenticated remote code execution (RCE) flaw affects Langflow, an open-source visual framework for building AI agents and retrieval-augmented generation pipelines. It carries a CVSS score of 9.3 and allows arbitrary Python code execution with no credentials and a single HTTP request.
Sysdig said attackers exfiltrated keys and credentials during exploitation, gaining access to connected databases and opening the door to software supply chain compromise. It noted that the CVE is an attractive target given the number of exposed Langflow instances and the ease of exploitation; according to Sysdig, attackers built working exploits directly from the advisory description and began scanning the internet for vulnerable instances.
The firm's honeypots captured automated scanning from four source IPs, plus a stage-2 dropper carrying ready-to-deliver Python exploit scripts and credential harvesting that targeted databases, API keys, cloud credentials and configuration files. A Rapid7 study cited in the coverage suggested that the pace of exploitation is accelerating, with shifts in the interval between disclosure and inclusion on security watchlists.