CVE-2026-33017: Langflow RCE Lets Attackers Drain Crypto Wallets
A critical vulnerability in Langflow, a popular visual framework for building AI agents, allows unauthenticated attackers to execute arbitrary Python code and gain access to sensitive crypto wallet data.
Why it matters
This vulnerability poses a serious threat to the security of DeFi infrastructure, as it allows attackers to compromise critical AI-powered crypto management systems.
Key Points
- 1Langflow vulnerability (CVE-2026-33017) allows RCE with a single HTTP request
- 2Exploitation began within 20 hours of disclosure, before any public PoC
- 3Langflow is widely used to build AI agents that interact with crypto wallets, DEXes, and DeFi protocols
- 4Compromised Langflow instances give attackers access to all API keys, private keys, and RPC endpoints
Details
The vulnerability lies in the '/api/v1/build_public_tmp/{flow_id}/flow' endpoint, which allows unauthenticated users to build 'public' flows. Attackers can supply crafted flow data in the POST body, which Langflow will execute directly without any validation or sandboxing. This enables them to embed arbitrary Python code that can be used to steal sensitive crypto-related data. Langflow is a popular visual framework for building AI agents that interact with crypto wallets, DEX routers, and DeFi protocols. A compromised Langflow instance gives attackers full access to all the API keys, private keys, and RPC endpoints stored by the agent pipeline, allowing them to drain every crypto wallet the agent has touched.
No comments yet
Be the first to comment