CyberSecurity News
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
AI summary
Threat actors are exploiting a critical vulnerability in Langflow to deploy a Monero cryptocurrency miner. The vulnerability, which has a CVSS score of 9.3, allows for unauthenticated remote code execution. It is being used in attacks targeting exposed artificial intelligence application endpoints. The exploitation involves scanning for and targeting vulnerable Langflow instances. The vulnerability is identified as CVE-2026-33017. Threat actors are continuing to use this vulnerability in fresh attacks.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.