Agents
Langflow becomes the first AI agent platform on CISA's KEV after 20-hour exploitation
In early July 2026 (federal remediation deadline July 10), Langflow became the first AI agent orchestration platform to land on CISA's Known Exploited Vulnerabilities catalog. The flaw, CVE-2026-33017, is an unauthenticated RCE (CVSS ~9.8) in Langflow's public flow-build endpoint that attackers weaponized within 20 hours of disclosure — before any public PoC — by reverse-engineering the advisory text. Exploitation systematically exfiltrated OpenAI, Anthropic, and AWS API keys; only upgrading to Langflow 1.9.0+ remediates.
Source
↳ Follow the thread