‼️ CISA has added 1 vulnerability to the KEV Catalog. CVE-2026-33017: Langflow Code Injection Vu...

Summary

CISA has added CVE-2026-33017, a code injection vulnerability in Langflow, to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild. Langflow is an open-source low-code platform for building AI applications. The addition to the KEV Catalog signals that this vulnerability is being actively leveraged by threat actors and organizations should prioritize patching.

Indicators of Compromise

• cve — CVE-2026-33017
• malware — Langflow