
Active Exploitation of Langflow CVE-2026-33017 RCE: Monero Mining Campaign Targets Exposed AI Infrastructure (July 2026)

Date: 2026-07-04
Tags: malware, supply-chain

Executive Summary

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner, weaponizing CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow. Any environment running Langflow and exposed to the internet is facing active exploitation of CVE-2026-33017. The campaign targets exposed AI application endpoints, establishing persistent cryptocurrency mining infrastructure on compromised hosts.

Campaign Summary

| Field | Detail |
| --- | --- |
| Campaign / Malware | Langflow Monero Mining Exploitation (July 2026) |
| Attribution | Unknown (confidence: none) |
| Target | Organizations with exposed Langflow AI applications |
| Vector | Unauthenticated RCE via CVE-2026-33017 (SSRF in vision-language module) |
| Status | active |
| First Observed | 2026-07-01 |

Detailed Findings

The vulnerability, tracked as CVE-2026-33017 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. CVE-2026-33017 in LMDeploy was exploited within 12 hours of disclosure, enabling attackers to use a vision-LLM endpoint for SSRF-based internal network scanning, cloud metadata access, and service enumeration. In early July 2026, the same vulnerability class emerged in Langflow with active Monero mining payload deployment.

MITRE ATT&CK Mapping

| Technique | ID | Context |
| --- | --- | --- |
| Exploit Public-Facing Application | T1190 | CVE-2026-33017 RCE in unpatched Langflow instances |
| Resource Hijacking | T1496 | Monero cryptocurrency mining via compromised AI infrastructure |

IOCs

Domains

_No specific IOCs published in articles. Exploitation timeline: CVE disclosure ~April 2026, active wild exploitation documented early July 2026. Targets any internet-facing Langflow instance running vulnerable version._

Full URL Paths

_No specific IOCs published in articles. Exploitation timeline: CVE disclosure ~April 2026, active wild exploitation documented early July 2026. Targets any internet-facing Langflow instance running vulnerable version._

Splunk Format

_No IOCs available for Splunk query_

Affected Platforms

Langflow (unpatched versions vulnerable to CVE-2026-33017)

Detection Recommendations

Monitor for outbound connections from Langflow containers to mining pools (stratum protocol on common ports 3333, 9332-9334, 14433). Update all Langflow instances to a patched version. Implement network segmentation to restrict Langflow egress. Monitor Langflow hosts for anomalous CPU/memory consumption indicative of mining. Scan your organization's internet-exposed Langflow instances for the presence of CVE-2026-33017.
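
The first recommendation above, sketched as detection logic over flow records. This is an added example, not code from the original report or from the Langflow project. The log format, the host addresses in `LANGFLOW_HOSTS`, the internal-network list and the sample records are constructed assumptions; only the port list comes from this page.

```python
import ipaddress
from collections import Counter

# Ports this page lists as common for stratum mining-pool traffic.
STRATUM_PORTS = {3333, 14433} | set(range(9332, 9335))
# Assumption: RFC 1918 space is "internal"; adjust to your own egress boundary.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: addresses of the hosts/containers that run Langflow.
LANGFLOW_HOSTS = {"10.20.0.15", "10.20.0.16"}

# Constructed sample flow records: "timestamp src dst dst_port proto bytes".
SAMPLE_FLOWS = """\
2026-07-02T10:00:01Z 10.20.0.15 203.0.113.50 3333 tcp 18234
2026-07-02T10:00:04Z 10.20.0.15 10.20.0.9 5432 tcp 9120
2026-07-02T10:00:09Z 10.20.0.16 198.51.100.7 443 tcp 40211
2026-07-02T10:05:01Z 10.20.0.15 203.0.113.50 3333 tcp 17990
2026-07-02T10:05:30Z 10.20.0.16 198.51.100.23 9333 tcp 2210
2026-07-02T10:06:00Z 10.20.0.40 203.0.113.50 3333 tcp 1500
2026-07-02T10:06:10Z 10.20.0.15 10.20.0.77 14433 tcp 300
malformed line
"""

def is_internal(addr):
    """True if addr falls inside one of the networks treated as internal."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_stratum_egress(log_text, hosts=LANGFLOW_HOSTS):
    """Count outbound flows from Langflow hosts to stratum ports, per (src, dst, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[3].isdigit():
            continue  # skip malformed records instead of aborting the scan
        _, src, dst, port, proto, _ = fields
        try:
            outbound = src in hosts and not is_internal(dst)
        except ValueError:
            continue  # unparsable destination address
        if outbound and proto == "tcp" and int(port) in STRATUM_PORTS:
            hits[(src, dst, int(port))] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in find_stratum_egress(SAMPLE_FLOWS).most_common():
        print(f"ALERT {src} -> {dst}:{port} flows={n}")
```

Repeated hits for the same destination over time are a stronger signal than a single flow, and mining pools also listen on other ports, so pair this with the CPU/memory monitoring and egress restrictions recommended above.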
