VYPR
Published Mar 20, 2026 · Updated May 18, 2026 · 1 source

Langflow CVE-2026-33017 Exploited in 20 Hours, Highlighting Collapsing Time-to-Exploit

Threat actors weaponized a critical unauthenticated RCE vulnerability in the open-source Langflow framework within 20 hours of its advisory, using only the description to build exploits and harvest credentials.

Threat actors have again shown how quickly they now move, exploiting a critical open-source vulnerability within 20 hours of its advisory while working from nothing more than the advisory's description.

The bug, CVE-2026-33017, is an unauthenticated remote code execution (RCE) vulnerability in Langflow, an open-source visual framework for building AI agents and retrieval-augmented generation (RAG) pipelines. Rated CVSS 9.3, it lets an attacker execute arbitrary Python code on an exposed Langflow instance with no credentials and a single HTTP request.

Sysdig revealed in a blog post that it had observed threat actors exploit the CVE within a day, even though no public proof-of-concept (PoC) code existed. “Attackers built working exploits directly from the advisory description and began scanning the internet for vulnerable instances,” said Sysdig. “Exfiltrated information included keys and credentials, which provided access to connected databases and potential software supply chain compromise.”

Sysdig said that CVE-2026-33017 is a particularly attractive target because no authentication is required, plenty of Langflow instances are exposed to the internet, and exploitation is relatively easy. Sysdig’s honeypots observed automated scanning from four source IPs, all sending the same payload, which points to a single attacker behind them. Custom Python exploit scripts were staged for delivery via a stage-2 dropper, indicating the attacker arrived with a prepared exploitation toolkit. Credential harvesting targeted database credentials, API keys, cloud credentials, and configuration files.
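The attribution above rests on a simple hunting heuristic: the same request body arriving from several unrelated source addresses is more likely one operator with a scanner than four independent attackers. The script below, an added example rather than code from Sysdig or the Langflow project, applies that heuristic to a few constructed honeypot records. It fingerprints each request by hashing its normalized method, path and body, groups requests by fingerprint, and reports any fingerprint seen from at least two distinct source IPs as a probable campaign, together with the IPs, request count and time span. The JSON-lines log format, the field names, the paths, the two-IP threshold and the request bodies are all assumptions; the bodies are opaque placeholders and no real exploit payload appears.

```python
"""
Payload-fingerprint clustering of honeypot HTTP requests.

Added illustration, not Sysdig's code. The log format, field names, paths,
threshold and request bodies are constructed placeholders.
"""
import hashlib
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample records in an assumed JSON-lines format. "<body-A>" and
# "<body-B>" stand in for whatever the scanners actually sent; the paths are
# placeholders too. Five requests from four IPs share body A; body B is a one-off.
SAMPLE_LOG = """
{"ts": "2026-03-19T02:14:07Z", "src_ip": "198.51.100.10", "method": "POST", "path": "/app/endpoint-A", "body": "<body-A>"}
{"ts": "2026-03-19T02:14:09Z", "src_ip": "198.51.100.10", "method": "POST", "path": "/app/endpoint-A", "body": "<body-A>"}
{"ts": "2026-03-19T03:40:00Z", "src_ip": "203.0.113.7",   "method": "POST", "path": "/app/endpoint-A", "body": "<body-A>"}
{"ts": "2026-03-19T04:11:52Z", "src_ip": "192.0.2.99",    "method": "POST", "path": "/app/endpoint-B", "body": "<body-B>"}
{"ts": "2026-03-19T05:05:30Z", "src_ip": "198.51.100.23", "method": "POST", "path": "/app/endpoint-A", "body": "<body-A>"}
{"ts": "2026-03-19T09:52:41Z", "src_ip": "203.0.113.44",  "method": "POST", "path": "/app/endpoint-A", "body": "<body-A>"}
"""


def parse_records(text):
    """Parse JSON-lines honeypot records; timestamps become aware datetimes."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # ISO-8601 with a trailing Z; rewrite so fromisoformat accepts it on older Pythons.
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def fingerprint(rec):
    """Hash the normalized request so clusters can be compared and shared
    without storing or displaying the raw body."""
    material = "\n".join([rec["method"].upper(), rec["path"], rec["body"].strip()])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]


def cluster_by_payload(records):
    """Group requests that carry an identical normalized payload."""
    groups = defaultdict(list)
    for rec in records:
        groups[fingerprint(rec)].append(rec)
    return dict(groups)


def summarize(fp, group):
    """Describe one cluster: distinct sources, volume, first sighting, duration."""
    times = [rec["ts"] for rec in group]
    sources = {ipaddress.ip_address(rec["src_ip"]) for rec in group}
    return {
        "fingerprint": fp,
        "path": group[0]["path"],  # identical across the group: path is part of the hash
        "ips": [str(ip) for ip in sorted(sources)],
        "requests": len(group),
        "first_seen": min(times).isoformat(),
        "span_hours": round((max(times) - min(times)).total_seconds() / 3600, 2),
    }


def flag_campaigns(groups, min_ips=2):
    """Return clusters seen from at least `min_ips` distinct sources (assumed
    threshold), widest-spread first. A payload from a single IP is left alone:
    it may be a lone operator or a researcher, not a coordinated campaign."""
    summaries = [summarize(fp, grp) for fp, grp in groups.items()]
    flagged = [s for s in summaries if len(s["ips"]) >= min_ips]
    flagged.sort(key=lambda s: (-len(s["ips"]), -s["requests"], s["fingerprint"]))
    return flagged


if __name__ == "__main__":
    for campaign in flag_campaigns(cluster_by_payload(parse_records(SAMPLE_LOG))):
        print(json.dumps(campaign, indent=2))
```

On the constructed data this reports one campaign: body A on five requests from four source IPs over about 7.6 hours, while the lone body-B probe is not flagged. In practice the fingerprint would be computed over a body with volatile fields (timestamps, callback hostnames, random tokens) masked out first, otherwise a scanner that varies a single parameter per target splits into as many clusters as targets.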

Sysdig cited figures from the Zero Day Clock initiative showing that median time-to-exploit (TTE) collapsed from 771 days in 2018 to just hours in 2024. By 2023, it said, 44% of exploited vulnerabilities were weaponized within 24 hours of disclosure, and 80% of public exploits appeared before the official advisory was published. “This timeline compression poses serious challenges for defenders. The median time for organizations to deploy patches is approximately 20 days, meaning defenders are exposed and vulnerable for far too long,” Sysdig warned.

The report chimes with a Rapid7 study published this week, which found that the median time between publication of a vulnerability and its addition to CISA’s Known Exploited Vulnerabilities (KEV) catalog dropped from 8.5 days to five days over the past year. The mean fell from 61 days to 28.5 days, Rapid7 warned.

Organizations running Langflow should apply the fix immediately or, until they can, take exposed instances off the public internet and restrict network access to them. Because the observed activity harvested keys, credentials and configuration files, any instance that was reachable during the exploitation window should be treated as potentially compromised and the secrets it held rotated. The incident underscores the need for faster patch deployment, robust vulnerability management programs, and proactive threat hunting to counter the accelerating exploitation timelines.

Synthesized by Vypr AI