Ai-Tooling

• LangChain and LangGraph CVEs Expose Files, Secrets, and Conversation History Across 84 Million Weekly Downloads March 27, 2026

  Three CVEs in LangChain and LangGraph - path traversal, serialization injection, and SQL injection - expose files, environment secrets, and conversation history in frameworks downloaded 84 million times per week.

• Langflow CVE-2026-33017: Unauthenticated RCE Exploited Within 20 Hours, Now on CISA KEV March 26, 2026

  CVE-2026-33017 is a CVSS 9.3 unauthenticated RCE in Langflow's public flow build endpoint. Attackers were scanning and exploiting within 20 hours of disclosure -- with no public PoC. CISA added it to the KEV catalog on March 25. If you run Langflow, upgrade to v1.9.0 now.