Discussion: If you self-host Langflow, update now. CVE-2026-33017 is unauthenticated RCE exploited in 20 hours.

Saw an interesting discussion on r/selfhosted about this — wanted to bring it here. **Original topic:** If you self-host Langflow, update now. CVE-2026-33017 is unauthenticated RCE exploited in 20 hours. Attackers harvested API keys from live instances. > Langflow, the open-source AI workflow builder (145K GitHub stars), has a critical unauthenticated remote code execution vulnerability. Attackers exploited it within 20 hours of disclosure with no public PoC code. If you run Langflow on your own hardware, this affects you directly. The vulnerable en... What are your thoughts? --- *Discuss more at [0n MCP](https://0nmcp.com) — the hub for [AI-powered workflow automation](https://0nmcp.com).*