一个影响Langflow的关键安全漏洞在公开披露后20小时内就遭到主动利用，突显了威胁行为者将新发布漏洞武器化的速度。 该安全缺陷被追踪为CVE-2026-33017（CVSS评分：9.3），是一个缺失身份验证结合代码注入的案例，可能导致远程代码执行。 根据Langflow对该漏洞的 ...

A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA's) Known Exploited Vulnerabilities (KEV) catalog. Langflow is a ...

这个Python解释器连接到模型的"工具"节点，除了将Pandas和Math库加入白名单外，我们没有改变解释器的标识符和描述以外的太多内容。 基于系统和用户提示中提供的信息，模型可以使用这个Python沙箱来执行代码片段并从数据集中提取见解。

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause full system compromise, distributed ...

Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...