Langflow carries the highest-priority item in this rollup: a CISA KEV-listed, critical, unauthenticated code injection flaw (CVE-2026-33017, CVSS 9.8) that is confirmed as actively exploited in the wild and has a remediation deadline of 2026-04-08. Any internet-exposed Langflow instance is at immediate risk of full remote code execution without credentials. Organizations should restrict external access to Langflow endpoints immediately and apply the vendor patch once it is confirmed via the official Langflow GitHub releases.