Langflow build_public_tmp Remote Code Execution Exploit

This module exploits CVE-2026-33017 by abusing Langflow's public temporary flow build endpoint to inject and execute a custom component.

The module needs a public flow to target. If no FLOW ID is provided and AUTO_LOGIN is enabled on the target, the module can use AUTO_LOGIN to obtain an access token and create a public Langflow flow automatically. Otherwise, provide a known public FLOW ID.

The module then submits a crafted temporary custom component to the /api/v1/build_public_tmp/{flow_id}/flow endpoint. That component executes operating system commands through the Langflow Python process and returns command output through Langflow build events.

When DEPLOY OSCI AGENT is enabled, the module commits an OSCI agent that reuses the same Langflow primitive to relaunch commands later. When DEPLOY NETWORK AGENT is enabled, the module stages an Impact payload from the embedded web server and launches it through the vulnerable Langflow service.

The module polls Langflow job events to track execution and confirm whether command execution or agent deployment succeeded. The deployed agent runs with the privileges of the Langflow service account.
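On the defensive side, requests to the endpoint named above are the observable to hunt for in web logs. The following is an added example, not part of the module or of Langflow: it scans access-log lines for requests to /api/v1/build_public_tmp/{flow_id}/flow and lists the sources that received a 2xx response. The combined log format (as written by a reverse proxy in front of Langflow), the sample lines, the flow IDs and the allowlist are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Endpoint from the module description; {flow_id} is one path segment.
BUILD_PUBLIC_TMP = re.compile(r"^/api/v1/build_public_tmp/([^/?#]+)/flow(?:[?#].*)?$")

# Assumed format: ip ident user [time] "METHOD path proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_build_public_tmp_hits(lines):
    """Return {source_ip: [(timestamp, method, flow_id, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ep = BUILD_PUBLIC_TMP.match(m["path"])
        if ep:
            hits[m["ip"]].append((m["ts"], m["method"], ep.group(1), int(m["status"])))
    return dict(hits)

def triage(hits, allowlist=()):
    """Sources outside the allowlist whose request to the endpoint got a 2xx."""
    return sorted(
        ip for ip, rows in hits.items()
        if ip not in allowlist and any(200 <= row[3] < 300 for row in rows)
    )

# Constructed sample log lines (documentation address ranges, made-up flow IDs).
FLOW_A = "00000000-0000-4000-8000-000000000001"
FLOW_B = "00000000-0000-4000-8000-000000000002"
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2026:10:14:55 +0000] "GET / HTTP/1.1" 200 1024',
    f'198.51.100.7 - - [12/Mar/2026:10:15:02 +0000] "POST /api/v1/build_public_tmp/{FLOW_A}/flow HTTP/1.1" 200 512',
    f'198.51.100.7 - - [12/Mar/2026:10:15:09 +0000] "POST /api/v1/build_public_tmp/{FLOW_A}/flow HTTP/1.1" 200 498',
    f'203.0.113.5 - - [12/Mar/2026:10:16:40 +0000] "POST /api/v1/build_public_tmp/{FLOW_B}/flow HTTP/1.1" 403 77',
    f'10.0.0.20 - - [12/Mar/2026:10:17:01 +0000] "POST /api/v1/build_public_tmp/{FLOW_B}/flow?x=1 HTTP/1.1" 200 300',
    'garbled line that does not parse',
]

if __name__ == "__main__":
    found = find_build_public_tmp_hits(SAMPLE_LOG)
    for ip in triage(found, allowlist={"10.0.0.20"}):
        print(ip, found[ip])
```

A hit is only a lead: correlate it with process-creation telemetry for the Langflow service account, since that is the account any resulting command or agent runs as.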
Exploit Platform
Product Name