The Hacker News ·EN News source
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
CVE Tools coverage
Attackers are exploiting CVE-2026-33017, an unauthenticated remote code execution issue in Langflow (CVSS 9.3), to gain initial access on internet-exposed AI application endpoints. Once triggered, the flaw enables deployment of a Monero cryptocurrency miner that disables host security components, persists via scheduling/cron, spreads through reused SSH credentials, and attempts to erase evidence. This matters because it turns reachable Langflow instances into a new entry point for commodity cryptojacking into enterprise environments.