Fetching from the wire…
Security2026-07-11 · source-backed
CVE-2026-33017 is an unauthenticated RCE (CVSS ~9.8) in Langflow's public flow-build endpoint. Attackers weaponized it within 20 hours of disclosure, before any public PoC, by reverse-engineering the advisory text. Exploitation systematically exfiltrated OpenAI, Anthropic, and AWS keys. Federal remediation deadline was July 10. Only upgrading to 1.9.0+ fixes it. The lesson isn't "Langflow bad," it's that your agent orchestration platform is now a credential vault sitting on a public endpoint. Treat it like one.
Each link below shares sources, entities, or timing with this story.
OpenAI supports MCP / Shared entities / Same source
Linked by a graph relationship (OpenAI supports MCP); both cover Anthropic, AWS, CISA, CVE; cite the same source (CVE-2026-33017).
LiteLLM supports OpenAI / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (LiteLLM supports OpenAI); both cover Attackers, AWS, CISA, CVE; overlapping topics (attacker, credential, deadline, langflow).
Anthropic partners with OpenAI / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Anthropic partners with OpenAI); both cover Anthropic, Attackers, CVSS, Langflow; overlapping topics (advisory, anthropic, attacker, hour, langflow).