This module exploits CVE-2026-33017 by abusing Langflow's public temporary flow build endpoint to inject and execute a custom component. The component runs operating system commands through the Langflow Python process. If AUTO_LOGIN is enabled on the target, the module can automatically create a public flow. Otherwise, provide a known public FLOW ID. If no FLOW ID is provided, the module can use AUTO_LOGIN to obtain an access token and create a public Langflow flow. The module then submits a crafted temporary custom component to the /api/v1/build_public_tmp/{flow_id}/flow endpoint. That component executes operating system commands through the Langflow Python process and returns command output through Langflow build events. When DEPLOY OSCI AGENT is enabled, the module commits an OSCI agent that reuses the same Langflow primitive to relaunch commands later. When DEPLOY NETWORK AGENT is enabled, the module stages an Impact payload from the embedded web server and launches it through the vulnerable Langflow service. The module polls Langflow job events to track execution and confirm whether command execution or agent deployment succeeded. The deployed agent will run with the privileges of the Langflow service account.
SugarCRM is vulnerable due to a user input passed through a request parameter is not properly sanitized before being used in a call to the "unserialize()" function. This can be exploited to inject arbitrary PHP objects into the application scope, and could allow unauthenticated attackers to execute arbitrary PHP code via specially crafted serialized objects. Successful exploitation of this vulnerability requires the application running on PHP before version 5.6.25 or 7.0.10. The attack will not leave any trace. This exploit installs an OS Agent.
Subscribe to Insecure Deserialization