Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
By
[email protected] (The Hacker News)
4d ago
Source
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)
You might also wanna read
Critical RCE Vulnerability in OpenClaw AI Assistant (CVE-2026-25253) Allows Data and Key Theft
A technical security analysis reveals a critical remote code execution (RCE) vulnerability (CVE-2026-25253) in OpenClaw, a popular open-sour
Critical security flaws in LangGraph, Langflow, and LangChain expose 7,000+ servers to remote code execution
Check Point Research, Tenable, VulnCheck, and Cyera have discovered that three major AI agent frameworks — LangGraph, Langflow, and LangChai
OpenCode AI Coding Agent Hit with Critical Remote Code Execution Vulnerability
OpenCode, a popular open-source AI coding agent, was recently hit with a critical CVE (Common Vulnerabilities and Exposures) that allowed fo
Check Point Researchers Chain SQL Injection in LangGraph AI Agent Memory to Achieve Remote Code Execution
This article details a security research finding where Check Point researchers discovered and chained a SQL injection vulnerability in LangG
undercodetesting.com·12d agoWAF - WAF Release - 2025-05-19
Cloudflare·1y ago
Critical Gogs RCE bug (CVSS 9.4) remains unpatched; exploit module now public
A critical remote code execution (RCE) vulnerability rated 9.4/10 has been discovered in Gogs, a popular open-source self-hosted Git service

Comments
Sign in to join the conversation.
No comments yet. Be the first.