CVE Tools
Back to feed
The Hacker News ·EN News source

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

By The Hacker News··3 min read
CVE Tools coverage

Attackers are exploiting CVE-2026-33017, an unauthenticated remote code execution issue in Langflow (CVSS 9.3), to gain initial access on internet-exposed AI application endpoints. Once triggered, the flaw enables deployment of a Monero cryptocurrency miner that disables host security components, persists via scheduling/cron, spreads through reused SSH credentials, and attempts to erase evidence. This matters because it turns reachable Langflow instances into a new entry point for commodity cryptojacking into enterprise environments.