CISA Sounds Alarm on Langflow RCE & Trivy Supply Chain Compromise, title: Langflow RCE, Trivy vulnerability, supply chain attack

Post Views: 12

Urgent Warning from CISA Regarding Newly Identified Vulnerabilities

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has recently issued an urgent warning about two newly discovered vulnerabilities: CVE-2026-33017 and CVE-2026-33634. These vulnerabilities are now included in the CISA Known Exploited Vulnerabilities catalog, necessitating that federal civilian agencies take action within specific timeframes.

According to the CISA warning, CVE-2026-33017 is a code injection flaw affecting Langflow, an open-source platform used for creating AI agents and workflows, in versions 1.8.2 and earlier. This allows attackers to run code remotely on a Langflow instance through a public flow build endpoint without any form of authentication. The vulnerability was made public on March 17, 2026, and within 20 hours, the Sysdig Threat Research Team observed initial exploitation attempts in the wild. Attackers created working exploits directly from the advisory description and started scanning the internet for vulnerable instances, extracting sensitive information like keys and credentials, which gave them access to linked databases and could potentially have compromised the software supply chain.

CVE-2026-33634: Supply Chain Compromise Involving Trivy Scanner

A second vulnerability, CVE-2026-33634, involves a supply chain compromise related to the Trivy security scanner. On March 19, 2026, attackers associated with TeamPCP forced-push a malicious Trivy v0.69.4 release, changed version tags in aquasecurity/trivy-action to credential-stealing malware, altered all tags in aquasecurity/setup-trivy with malicious commits, and pushed out malicious trivy images on Docker Hub. This attack may have contributed to the LiteLLM supply chain attack, leading to compromised LiteLLM packages being published on PyPI. Aqua Security has provided guidance for affected users and developers.

Aqua Security has released remediation instructions for impacted users and developers. The German Federal Office for Information Security (BSI) has reported a number of compromises related to the Trivy attack, stating that no data is believed to have been extracted during this incident.