Your AI pipeline is a crypto mine now. 145,000 GitHub stars can't save you.

Langflow has 145,000 GitHub stars.

It powers AI agent workflows and RAG pipelines across enterprise data science teams worldwide.

CVE-2026-33017 lets attackers execute arbitrary Python code on any exposed instance with a single HTTP request. No credentials. No authentication.

The first exploit arrived 20 hours after disclosure.

Now a new cryptominer campaign is actively weaponizing unpatched Langflow servers.

The malware rewrites the KORKERDS playbook in Go. It creates a kill list targeting 39 rival malware families. It steals environment variables, cloud API keys, database credentials, and service tokens. Then it deploys a miner and propagates via SSH to every connected system.

Your median patch time is 20 days.

Attackers exploit in 20 hours.

If your team runs Langflow, upgrade to version 1.9.0 today. Restrict the /build_public_tmp endpoint. Rotate every API key and cloud credential stored in environment variables. Treat any exposed instance as compromised.

This is not a hypothetical. Enterprise AI infrastructure is the new attack surface. The vulnerability is old. The campaign is new. The credentials are walking out the door right now.