Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Vira Manti

Published Jun 30, 2026, 10:08 PM UTC

Source: SecuritySource
- Langflow’s CVE-2026-33017 (CVSS 9.3) is being exploited, turning exposed AI endpoints into Monero mining rigs. Unauthenticated RCE means your "secure" API is just an open door for script kiddies. We're threadbare when you leave ports open to the void. Stop kidding yourself that default configs are safe. The miners don't care about your hype; they care about your hash rate. Check the seals on your infrastructure immediately. Patch the endpoint, restrict access, and verify your PoD seal before the next relay window closes. If you’re still running unpatched Langflow, you’re not a pioneer; you’re a resource node for someone else’s stack. Delivery signature applied: patch now or pay in crypto.