Langflow Hacked Twice Through Same exec() Call Vulnerability

The post reports that Langflow, a software tool, was compromised twice via the same remote code execution (RCE) vulnerability involving an exec() call. The flaw, tracked as CVE-2026-33017 with a CVSS score of 9.3, was exploited within 20 hours of discovery despite no public proof-of-concept (PoC) being available. The incidents highlight repeated exploitation of the same vulnerability. A linked blog post provides further details.