Security researchers at Trend Micro have discovered and analyzed a cryptocurrency-mining campaign exploiting CVE-2026-33017, an unauthenticated remote code execution (RCE) vulnerability in the Langflow AI application framework. The novel aspect of the campaign is that the attackers have shifted to targeting exposed AI application endpoints as the initial access vector.
The attack begins with an unauthenticated POST request to Langflow's /api/v1/build_public_tmp/{flow_id}/flow endpoint, where attacker-controlled Python code is executed. The exploit runs a simple command that downloads and executes a shell script, which retrieves a customized cryptominer and starts it in the background.
The shell script creates a hidden directory under /var/tmp/.xlamb/, downloads a binary named lambsys, and launches it. It also attempts to spread to other systems by searching for SSH keys and authenticating to reachable hosts.
Once running, the Go-based, UPX-packed malware disables Linux security controls, terminates competing cryptocurrency miners, establishes cron-based persistence, and connects to its command-and-control (C&C) server. The malware checks for rival miners and, if found, removes them before beginning crypto mining.
Trend Micro observed the attackers using the same hardcoded flow_id in every exploitation attempt over a 19-day period.
Researchers noted that this is the second major security issue affecting Langflow in nearly a year. In 2025, threat actors exploited CVE-2025-3248 code injection flaw to deploy Flodrix DDoS botnet malware.