
Researchers have observed active attacks exploiting a critical remote code execution flaw in Langflow to install a Monero cryptocurrency miner on exposed AI application endpoints; the campaign was first seen on 27 June 2026 and last detected on 30 June 2026.
The vulnerability, tracked as CVE-2026-33017 and rated CVSS 9.3 (critical), permits unauthenticated remote code execution through a specially crafted request to the Langflow API, as detailed by The Hacker News. Versions prior to the vendor’s security update are affected, allowing attackers to run arbitrary commands without authentication.
According to SecurityOnline, threat actors scan the internet for publicly reachable Langflow instances, deliver a payload that drops a modified KORKERDS/MALXMR variant, and use the flaw to bypass login mechanisms. The miner establishes persistence by abusing SSH keys, disables local security controls and attempts to spread to other systems using stolen credentials.
The activity has been seen in the wild with no specific threat actor identified, but the goal is clear: hijack compute resources to generate Monero while remaining stealthy enough to avoid immediate detection. Infected servers experience noticeable performance degradation and increased cloud costs due to sustained mining activity.
This incident fits a broader trend of malicious actors targeting low-code AI orchestration platforms that are often deployed with minimal hardening. It demonstrates how quickly attackers pivot to new services once a vulnerability is disclosed, especially when those services provide convenient access to substantial processing power.
Defenders should apply the Langflow patch released by the vendor without delay and restrict administrative interfaces to trusted networks using firewalls or VPNs. Strong multi-factor authentication must be enforced on any remaining exposed services, and unnecessary features should be disabled to reduce the attack surface.
Additionally, organisations should monitor outbound traffic for connections to known mining pools, audit SSH key usage for anomalies, and maintain an up-to-date asset inventory to quickly identify unpatched instances. Deploying endpoint detection and response tools that can flag the behavioural signatures of cryptominers will help catch any missed infections before they cause significant harm.
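Two of the checks recommended above (auditing authorized_keys for keys outside an approved baseline, and flagging outbound connections that look like stratum mining traffic) as a small added Python example; this is not code from the article or from any of the cited sources. It assumes authorized_keys lines without an options prefix, an outbound-connection log in a constructed "dst=ip:port cmd=..." format, and an assumed watchlist of stratum ports; the sample keys, hosts and process paths are constructed, not real indicators.

```python
import base64
import hashlib
import re

# Assumed watchlist of TCP ports commonly used by Monero stratum pools; tune for
# your environment. A port match alone is a hint for triage, not a verdict.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}

def ssh_fingerprint(authorized_keys_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of one authorized_keys line."""
    fields = authorized_keys_line.split()        # assumed: type, base64 blob, comment
    blob = base64.b64decode(fields[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unknown_ssh_keys(authorized_keys: str, baseline: set[str]) -> list[str]:
    """Fingerprints present in the file but missing from the approved baseline."""
    lines = [l for l in authorized_keys.splitlines() if l.strip() and not l.startswith("#")]
    return [fp for fp in map(ssh_fingerprint, lines) if fp not in baseline]

# Constructed log format: "<timestamp> dst=<ip>:<port> cmd=<process command line>"
CONN_RE = re.compile(r"dst=(?P<ip>[\d.]+):(?P<port>\d+) cmd=(?P<cmd>.*)$")

def suspicious_connections(log: str) -> list[str]:
    """Flag outbound connections whose command line or port suggests stratum mining."""
    hits = []
    for line in log.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        if "stratum+" in m["cmd"] or int(m["port"]) in STRATUM_PORTS:
            hits.append(f"{m['ip']}:{m['port']}")
    return hits

# Constructed samples (not real keys, hosts or indicators).
def _fake_blob(tag: str) -> str:
    return base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + tag.encode()).decode()

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "ssh-ed25519 " + _fake_blob("ops-key") + " ops@bastion",
    "ssh-ed25519 " + _fake_blob("dropped-by-miner") + " ",   # key the miner added
])
BASELINE = {ssh_fingerprint("ssh-ed25519 " + _fake_blob("ops-key") + " ops@bastion")}

SAMPLE_CONN_LOG = """\
2026-06-28T03:14:07Z dst=198.51.100.20:443 cmd=/usr/bin/python3 -m langflow run
2026-06-28T03:15:41Z dst=203.0.113.5:4444 cmd=/tmp/.x/kswapd -o stratum+tcp://203.0.113.5:4444
2026-06-28T03:16:02Z dst=203.0.113.9:8080 cmd=/tmp/.x/kswapd -o stratum+ssl://203.0.113.9:8080"""
```

Running `unknown_ssh_keys(SAMPLE_AUTHORIZED_KEYS, BASELINE)` returns the one fingerprint the baseline does not know, and `suspicious_connections(SAMPLE_CONN_LOG)` returns the two stratum destinations while ignoring the legitimate HTTPS connection.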