Langflow versions 1.8.1 and earlier are under active exploitation: confirmed attacks began within 20 hours of the public disclosure of CVE-2026-33017 (CVSS 9.5), a critical unauthenticated remote code execution flaw that chains code injection, missing authentication on API endpoints, and OS command injection. Attackers have been observed scanning, gaining initial access, executing code, and stealing pipeline credentials in a single automated sequence. CVE-2025-3248 shares the same attack surface and should be remediated concurrently. Immediate actions: isolate all internet-facing Langflow instances, patch to the vendor-confirmed clean release, rotate all secrets accessible within affected pipelines, and enforce network-level access controls before restoring external exposure.