Share
## https://sploitus.com/exploit?id=E826F46D-0F29-5B11-A45F-612BD8B22FD5
# Langflow RCE Exploitation Framework
**CVE-2026-33017** ยท Authorized security testing for Langflow remote code execution
[](https://www.python.org/)
[](#disclaimer)
[](https://cve.mitre.org/)
[](#)
> **Research & red-team tooling** for validating CVE-2026-33017 against Langflow instances you are explicitly authorized to assess. Not for unauthorized use.
---
## Disclaimer
This project is intended **only** for:
- Authorized penetration tests
- Controlled lab / CTF environments
- Defensive validation and patch verification
**Unauthorized access to computer systems is illegal.** You are solely responsible for complying with applicable laws and obtaining written permission before testing any target. The authors accept no liability for misuse.
---
## Overview
Async Python framework for assessing Langflow deployments potentially affected by **CVE-2026-33017**. It supports vulnerability checks, payload-mode selection, automated assessment runs, and structured reporting for engagement documentation.
| Item | Detail |
|------|--------|
| CVE | CVE-2026-33017 |
| Target | Langflow |
| Suggested mitigation | Upgrade to Langflow **โฅ 1.9.0** |
| Language | Python 3.10+ |
| Version | 1.0.0 |
| Author | Sudeepa Wanigarathna |
---
## Features
- **Vulnerability check** โ non-destructive `--check-only` mode
- **Multiple assessment modes** โ command execution, file operations, and advanced payload types
- **Automated workflow** โ `--auto` / batch-oriented runs
- **Reporting** โ text, JSON, HTML, and Markdown output
- **Async HTTP client** โ built on `httpx` with configurable logging
---
## Requirements
- Python **3.10+**
- Network access to the authorized target
- Valid Langflow `flow-id` and `client-id` for the test environment
---
## Installation
```bash
git clone https://github.com/CerberusMrXi/Langflow-cve-2026-33017-exploit
cd Langflow-cve-2026-33017-exploit
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
```
---
## Quick start
### Vulnerability check only
```bash
python exploit.py \
-u http://127.0.0.1:7860 \
-f \
-c \
--check-only
```
### Command execution (authorized lab)
```bash
python exploit.py \
-u http://127.0.0.1:7860 \
-f \
-c \
-t command_exec \
--cmd "id"
```
### Generate a report
```bash
python exploit.py \
-u http://127.0.0.1:7860 \
-f \
-c \
-t command_exec \
--cmd "uname -a" \
--report markdown \
--output-file report.md
```
---
## Usage
```text
python exploit.py -u URL -f FLOW_ID -c CLIENT_ID [options]
```
### Required arguments
| Flag | Description |
|------|-------------|
| `-u`, `--url` | Target base URL (e.g. `http://127.0.0.1:7860`) |
| `-f`, `--flow-id` | Langflow flow ID |
| `-c`, `--client-id` | Client ID cookie value |
### Payload / mode options
| Flag | Description |
|------|-------------|
| `-t`, `--payload-type` | `reverse_shell`, `bind_shell`, `command_exec`, `file_read`, `file_upload`, `persistence`, `priv_esc`, `data_exfil`, `meterpreter`, `webshell`, `all` (default: `reverse_shell`) |
| `-l`, `--lhost` | Listener host (auto-detected when omitted where applicable) |
| `-p`, `--lport` | Listener port (required for shell / meterpreter modes) |
| `--cmd` | Command string (`command_exec`) |
| `--file-path` | Path for file read/upload modes |
| `--file-data` | Upload content (`file_upload`) |
### Workflow options
| Flag | Description |
|------|-------------|
| `--auto` | Automated exploitation workflow |
| `--check-only` | Vulnerability check only |
| `--batch` | Batch mode |
| `--report` | `text` \| `json` \| `html` \| `markdown` |
| `--output-file` | Write report/output to a file |
| `-v`, `--verbose` | Verbose logging |
| `-q`, `--quiet` | Errors only |
---
## Project structure
```text
.
โโโ exploit.py # Main CLI & assessment engine
โโโ requirements.txt # Python dependencies
โโโ README.md # This file
โโโ venv/ # Local virtualenv (not for version control)
```
---
## Mitigation
If a target is vulnerable to CVE-2026-33017:
1. Upgrade Langflow to **1.9.0 or newer**
2. Restrict network exposure of Langflow admin/API interfaces
3. Rotate credentials and review access logs after any confirmed compromise assessment
4. Re-run `--check-only` to verify the patch
---
## Responsible use
- Test **only** systems you own or have written authorization to assess
- Prefer `--check-only` before any payload mode
- Keep engagement scope, evidence, and reports confidential as required by contract
- Report findings through proper disclosure channels when applicable
---
## Contributing
Contributions that improve reliability, reporting, detection accuracy, or defensive documentation are welcome. Open an issue or pull request with a clear description of the change and how it was validated in a lab environment.
---
## License
Provided for **authorized security testing and educational research only**.
No warranty is provided. Use at your own risk and in compliance with the law.
---
## Author
**Sudeepa Wanigarathna**
---
For authorized security research ยท CVE-2026-33017