logo

Langflow RCE Vulnerability Leads to Monero Cryptominer Deployment

ID: 6644f0d8-a49d-5696-a0d1-d933a3d38906

STIX ID: report--6644f0d8-a49d-5696-a0d1-d933a3d38906

Feed Name: ThreatCluster

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

...
...

Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated RCE in Langflow disclosed on March 20, 2026, to compromise internet-exposed AI application servers and silently deploy customized Monero cryptominers; exploitation has been observed since March 25, 2026, and organizations running Langflow should urgently assess exposure and apply mitigations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.