Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
8h
Multiple OpenWebUI AI servers infected with cryptominers and infostealers stayed up for over a year
Researchers discovered OpenWebUI 98 instances that lacked any authentication 45 had already been compromised, and 33 showed ...
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results