Langflow RCE Vulnerability Leads to Monero Cryptominer Deployment
ID: 6644f0d8-a49d-5696-a0d1-d933a3d38906
STIX ID: report--6644f0d8-a49d-5696-a0d1-d933a3d38906
Feed Name: ThreatCluster
Threat Score
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated RCE in Langflow disclosed on March 20, 2026, to compromise internet-exposed AI application servers and silently deploy customized Monero cryptominers; exploitation has been observed since March 25, 2026, and organizations running Langflow should urgently assess exposure and apply mitigations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
