Policy & Ethics, langflow, code injection, cisa kev
CISA Adds Langflow CVE To KEV
Relevance Score: 9.3
CISA issued an urgent warning on March 25, 2026, adding CVE-2026-33017 to its Known Exploited Vulnerabilities (KEV) catalog for Langflow after evidence of active exploitation. The vulnerability lets unauthenticated attackers bypass authentication to execute arbitrary code and create public flows; it is rooted in CWE-94, CWE-95 and CWE-306. CISA mandates that federal agencies apply mitigations by April 8, 2026, and urges all organizations to apply vendor mitigations or discontinue use.
Scoring Rationale
Official CISA KEV listing and confirmed exploitation increase impact; significance narrowed by being specific to Langflow deployments.
Sources
- CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks (gbhackers.com)



