× EU ICT Risk Newsroom DORA News On the Horizon ΑΙ Cybersec Space Cyber Alerts GDPR News EU CERT Advisories ICT Governance ESA/NCAs Contact
Switch to Greek 🔍

CISA warns of Langflow RCE, Trivy supply chain compromise after rapid exploitation

Newsroom - 27 March 2026 - 12:43

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog. These include CVE-2026-33017, a code injection flaw in Langflow, an open-source framework for building AI agents and workflows. The second is CVE-2026-33634, an embedded malicious code vulnerability in Aqua Security’s Trivy security scanner.

CISA warns of Langflow RCE, Trivy supply chain compromise after rapid exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog. These include CVE-2026-33017, a code injection flaw in Langflow, an open-source framework for building AI agents and workflows. The second is CVE-2026-33634, an embedded malicious code vulnerability in Aqua Security’s Trivy security scanner. Their inclusion in the catalog mandates US federal civilian agencies to address these flaws by April 8 and 9.
CISA Langflow Trivy Vulnerabilities

Subscribe for EU DORA and Banking ICT Risk news and insights