Share
## https://sploitus.com/exploit?id=E826F46D-0F29-5B11-A45F-612BD8B22FD5
# Langflow RCE Exploitation Framework

**CVE-2026-33017** ยท Authorized security testing for Langflow remote code execution

[![Python](https://img.shields.io/badge/Python-3.10%2B-blue?logo=python&logoColor=white)](https://www.python.org/)
[![License](https://img.shields.io/badge/License-Authorized%20Use%20Only-red)](#disclaimer)
[![CVE](https://img.shields.io/badge/CVE-2026--33017-critical)](https://cve.mitre.org/)
[![Status](https://img.shields.io/badge/Status-Research-orange)](#)

> **Research & red-team tooling** for validating CVE-2026-33017 against Langflow instances you are explicitly authorized to assess. Not for unauthorized use.

---

## Disclaimer

This project is intended **only** for:

- Authorized penetration tests  
- Controlled lab / CTF environments  
- Defensive validation and patch verification  

**Unauthorized access to computer systems is illegal.** You are solely responsible for complying with applicable laws and obtaining written permission before testing any target. The authors accept no liability for misuse.

---

## Overview

Async Python framework for assessing Langflow deployments potentially affected by **CVE-2026-33017**. It supports vulnerability checks, payload-mode selection, automated assessment runs, and structured reporting for engagement documentation.

| Item | Detail |
|------|--------|
| CVE | CVE-2026-33017 |
| Target | Langflow |
| Suggested mitigation | Upgrade to Langflow **โ‰ฅ 1.9.0** |
| Language | Python 3.10+ |
| Version | 1.0.0 |
| Author | Sudeepa Wanigarathna |

---

## Features

- **Vulnerability check** โ€” non-destructive `--check-only` mode  
- **Multiple assessment modes** โ€” command execution, file operations, and advanced payload types  
- **Automated workflow** โ€” `--auto` / batch-oriented runs  
- **Reporting** โ€” text, JSON, HTML, and Markdown output  
- **Async HTTP client** โ€” built on `httpx` with configurable logging  

---

## Requirements

- Python **3.10+**
- Network access to the authorized target
- Valid Langflow `flow-id` and `client-id` for the test environment

---

## Installation

```bash
git clone https://github.com/CerberusMrXi/Langflow-cve-2026-33017-exploit
cd Langflow-cve-2026-33017-exploit

python3 -m venv venv
source venv/bin/activate   # Windows: venv\Scripts\activate

pip install -r requirements.txt
```

---

## Quick start

### Vulnerability check only

```bash
python exploit.py \
  -u http://127.0.0.1:7860 \
  -f  \
  -c  \
  --check-only
```

### Command execution (authorized lab)

```bash
python exploit.py \
  -u http://127.0.0.1:7860 \
  -f  \
  -c  \
  -t command_exec \
  --cmd "id"
```

### Generate a report

```bash
python exploit.py \
  -u http://127.0.0.1:7860 \
  -f  \
  -c  \
  -t command_exec \
  --cmd "uname -a" \
  --report markdown \
  --output-file report.md
```

---

## Usage

```text
python exploit.py -u URL -f FLOW_ID -c CLIENT_ID [options]
```

### Required arguments

| Flag | Description |
|------|-------------|
| `-u`, `--url` | Target base URL (e.g. `http://127.0.0.1:7860`) |
| `-f`, `--flow-id` | Langflow flow ID |
| `-c`, `--client-id` | Client ID cookie value |

### Payload / mode options

| Flag | Description |
|------|-------------|
| `-t`, `--payload-type` | `reverse_shell`, `bind_shell`, `command_exec`, `file_read`, `file_upload`, `persistence`, `priv_esc`, `data_exfil`, `meterpreter`, `webshell`, `all` (default: `reverse_shell`) |
| `-l`, `--lhost` | Listener host (auto-detected when omitted where applicable) |
| `-p`, `--lport` | Listener port (required for shell / meterpreter modes) |
| `--cmd` | Command string (`command_exec`) |
| `--file-path` | Path for file read/upload modes |
| `--file-data` | Upload content (`file_upload`) |

### Workflow options

| Flag | Description |
|------|-------------|
| `--auto` | Automated exploitation workflow |
| `--check-only` | Vulnerability check only |
| `--batch` | Batch mode |
| `--report` | `text` \| `json` \| `html` \| `markdown` |
| `--output-file` | Write report/output to a file |
| `-v`, `--verbose` | Verbose logging |
| `-q`, `--quiet` | Errors only |

---

## Project structure

```text
.
โ”œโ”€โ”€ exploit.py          # Main CLI & assessment engine
โ”œโ”€โ”€ requirements.txt    # Python dependencies
โ”œโ”€โ”€ README.md           # This file
โ””โ”€โ”€ venv/               # Local virtualenv (not for version control)
```

---

## Mitigation

If a target is vulnerable to CVE-2026-33017:

1. Upgrade Langflow to **1.9.0 or newer**
2. Restrict network exposure of Langflow admin/API interfaces
3. Rotate credentials and review access logs after any confirmed compromise assessment
4. Re-run `--check-only` to verify the patch

---

## Responsible use

- Test **only** systems you own or have written authorization to assess  
- Prefer `--check-only` before any payload mode  
- Keep engagement scope, evidence, and reports confidential as required by contract  
- Report findings through proper disclosure channels when applicable  

---

## Contributing

Contributions that improve reliability, reporting, detection accuracy, or defensive documentation are welcome. Open an issue or pull request with a clear description of the change and how it was validated in a lab environment.

---

## License

Provided for **authorized security testing and educational research only**.  
No warranty is provided. Use at your own risk and in compliance with the law.

---

## Author

**Sudeepa Wanigarathna**

---


  For authorized security research ยท CVE-2026-33017