Agents
JFrog Confirms Langflow CVE-2026-33017 'Fix' in v1.8.2 Is Still Fully Exploitable — No Patch Exists in Any Released Version
JFrog Security Research verified that Langflow v1.8.2 — widely reported as patched for CVE-2026-33017 (CVSS 9.8 critical RCE) — remains fully exploitable. After reviewing all commits in v1.8.2, researchers found no actual patch and confirmed exploitation using the public PoC against both PyPI and Docker environments. The only fix exists in unreleased langflow-nightly 1.9.0.dev18, which removes the injectable data parameter entirely. With CISA mandating remediation by April 8 and Sysdig observing exploitation within 20 hours of disclosure, this means every production Langflow deployment is still vulnerable.
↳ Follow the thread