CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning of active exploitation of a critical vulnerability (CVE-2026-33017) in the Langflow framework, which allows for remote code execution and hijacking of AI workflows. Hackers began exploiting this flaw, which impacts versions 1.8.1 and earlier, shortly after its advisory was published, prompting CISA to add it to its list of Known Exploited Vulnerabilities and set a deadline for federal agencies to apply updates or mitigations.