Skip to content

Commit a1dc7df

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 6088187 commit a1dc7df

File tree

1 file changed

+29
-5
lines changed

1 file changed

+29
-5
lines changed

advisories/github-reviewed/2026/03/GHSA-vwmf-pq79-vjvx/GHSA-vwmf-pq79-vjvx.json

Lines changed: 29 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-vwmf-pq79-vjvx",
4-
"modified": "2026-03-17T20:05:05Z",
4+
"modified": "2026-03-24T21:58:04Z",
55
"published": "2026-03-17T20:05:05Z",
66
"aliases": [
77
"CVE-2026-33017"
@@ -11,7 +11,7 @@
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",
14-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
1515
}
1616
],
1717
"affected": [
@@ -28,31 +28,55 @@
2828
"introduced": "0"
2929
},
3030
{
31-
"last_affected": "1.8.1"
31+
"fixed": "1.8.2"
3232
}
3333
]
3434
}
35-
]
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 1.8.1"
38+
}
3639
}
3740
],
3841
"references": [
3942
{
4043
"type": "WEB",
4144
"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx"
4245
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33017"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://github.com/langflow-ai/langflow/pull/12160"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0"
57+
},
4358
{
4459
"type": "PACKAGE",
4560
"url": "https://github.com/langflow-ai/langflow"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours"
4669
}
4770
],
4871
"database_specific": {
4972
"cwe_ids": [
5073
"CWE-306",
74+
"CWE-94",
5175
"CWE-95"
5276
],
5377
"severity": "CRITICAL",
5478
"github_reviewed": true,
5579
"github_reviewed_at": "2026-03-17T20:05:05Z",
56-
"nvd_published_at": null
80+
"nvd_published_at": "2026-03-20T05:16:15Z"
5781
}
5882
}

0 commit comments

Comments
 (0)