ELEVATED 2 Jul 2026

Langflow CVE-2026-33017 Leads Today's Incident Response Queue

Today's intelligence is consolidated into 10 priority findings plus 1 update to an ongoing story. 19 further items tracked below.

Key findings
01
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints CVE-2026-33017
CRITICAL
CVSS 9.3 critical · CWE-94 Code Injection · EPSS 100th percentile · CISA KEV (actively exploited). Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, i… Known Exploited (CISA KEV).
02
Rancher Fleet can disclose secrets across namespaces (CVE-2026-44935)
CRITICAL
CVSS 9.9 critical · CWE-863 Incorrect Authorization. Classification: NEW. Rancher Fleet has a GHSA for cross-namespace secret disclosure through Helm Deployer valuesFrom use. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
03
Rancher command injection through unsanitized YAML parameter (CVE-2026-44939)
CRITICAL
CVSS 9.4 critical · CWE-95 Eval Injection · EPSS 62nd percentile. Classification: NEW. The Rancher GHSA describes command injection through an unsanitised YAML parameter. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
04
Adobe ColdFusion WID-SEC-2026-2155 and CVE-2026-48276 gains CERT-FR and CERT-Bund routing
CRITICAL
CVSS 10 critical · CWE-434 Unrestricted Upload of File with Dangerous Type · EPSS 56th percentile. Classification: NEW. ColdFusion now has dual CERT-FR and CERT-Bund routing, raising routing confidence for European patch teams. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
05
Cursor DuneSlide CVE-2026-50548/CVE-2026-50549 lets prompt injection escape sandbox
CRITICAL
CVSS 9.3 critical · CWE-22 Path Traversal · EPSS 46th percentile. Classification: NEW. Cursor DuneSlide links prompt injection to sandbox escape in developer workflows, with a vendor GHSA patch anchor. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
06
Ghost frontend cache-poisoning XSS via x-ghost-preview header (CVE-2026-53943)
CRITICAL
CVSS 9.6 critical · CWE-524 · EPSS 16th percentile. Classification: NEW. Ghost has a GHSA for preview-header cache poisoning that can lead to frontend XSS. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
07
Progress Kemp LoadMaster CVE-2026-8037 exploitation attempts begin
CRITICAL
CVSS 9.6 critical · CWE-77 Command Injection · EPSS 94th percentile. Classification: UPDATED. Today's delta is active exploitation attempts against Progress Kemp LoadMaster. eSentire reports exploitation attempts, IOCs and fixed versions, which moves the item into immediate patch and hunt work.
08
MSRC CVE-2026-10097 ML-KEM-1024 ciphertext comparison weakness
LOW
CWE-697 Incorrect Comparison · EPSS 6th percentile. Classification: NEW. MSRC has published a cryptography weakness affecting ML-KEM-1024 implementation paths. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
09
Citrix NetScaler WID-SEC-2026-2147 and CVE-2026-10816 patch batch reaches EU routing
HIGH
CVSS 7.1 high · CWE-73 · EPSS 13th percentile. Classification: NEW. NetScaler ADC and Gateway patch routing now appears through both CERT-FR and CERT-Bund. Treat it as owner assignment unless the advisory names exploitation or a direct response step.
10
IBM WebSphere Liberty WID-SEC-2026-2156 and CVE-2026-11546 enters app-server routing
HIGH
CVSS 7.1 high · CWE-918 Server-Side Request Forgery · EPSS 12th percentile. Classification: NEW. WebSphere Liberty appears in app-server routing and belongs with middleware owner checks. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints CVE-2026-33017

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, i… Known Exploited (CISA KEV).

Sources: https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html

Rancher Fleet can disclose secrets across namespaces (CVE-2026-44935)

Classification: NEW. Rancher Fleet has a GHSA for cross-namespace secret disclosure through Helm Deployer valuesFrom use. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Review Fleet Helm Deployer valuesFrom use and patch.

Identifiers: CVE-2026-44935

Sources: [GitHub advisory GHSA-xr65-5cpm-g36x](https://github.com/advisories/GHSA-xr65-5cpm-g36x)

Rancher command injection through unsanitized YAML parameter (CVE-2026-44939)

Classification: NEW. The Rancher GHSA describes command injection through an unsanitised YAML parameter. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Route Rancher patch or mitigation to platform owners.

Identifiers: CVE-2026-44939

Sources: [GitHub advisory GHSA-mhc6-2gfq-xx62](https://github.com/advisories/GHSA-mhc6-2gfq-xx62)

Adobe ColdFusion WID-SEC-2026-2155 and CVE-2026-48276 gains CERT-FR and CERT-Bund routing

Classification: NEW. ColdFusion now has dual CERT-FR and CERT-Bund routing, raising routing confidence for European patch teams. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Route ColdFusion APSB26-68/CVE-2026-48276 patch checks.

Identifiers: CVE-2026-48276 / WID-SEC-2026-2155

Sources: [CERT-FR advisory CERTFR-2026-AVI-0821](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0821/); [CERT-Bund advisory WID-SEC-2026-2155](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2155)

Cursor DuneSlide CVE-2026-50548/CVE-2026-50549 lets prompt injection escape sandbox

Classification: NEW. Cursor DuneSlide links prompt injection to sandbox escape in developer workflows, with a vendor GHSA patch anchor. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Update Cursor to 3.0 and restrict MCP-enabled workflows.

Identifiers: CVE-2026-50548 / CVE-2026-50549

Sources: [The Hacker News report](https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html); [Cursor security advisory](https://github.com/cursor/cursor/security/advisories/GHSA-3v8f-48vw-3mjx)

Ghost frontend cache-poisoning XSS via x-ghost-preview header (CVE-2026-53943)

Classification: NEW. Ghost has a GHSA for preview-header cache poisoning that can lead to frontend XSS. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Patch Ghost publishing frontends.

Identifiers: CVE-2026-53943

Sources: [GitHub advisory GHSA-62q6-4hv4-vjrw](https://github.com/advisories/GHSA-62q6-4hv4-vjrw)

Progress Kemp LoadMaster CVE-2026-8037 exploitation attempts begin

Classification: UPDATED. Today's delta is active exploitation attempts against Progress Kemp LoadMaster. eSentire reports exploitation attempts, IOCs and fixed versions, which moves the item into immediate patch and hunt work.

Recommended action: Patch to GA 7.2.63.2 or LTSF 7.2.54.18 and hunt listed IOC IPs.

Identifiers: CVE-2026-8037

Sources: [eSentire advisory](https://www.esentire.com/security-advisories/progress-kemp-loadmaster-vulnerability-targeted-cve-2026-8037); [The Hacker News report](https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html)

MSRC CVE-2026-10097 ML-KEM-1024 ciphertext comparison weakness

Classification: NEW. MSRC has published a cryptography weakness affecting ML-KEM-1024 implementation paths. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Map affected cryptography dependencies and vendor SDKs.

Identifiers: CVE-2026-10097

Sources: [MSRC advisory CVE-2026-10097](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10097)

Citrix NetScaler WID-SEC-2026-2147 and CVE-2026-10816 patch batch reaches EU routing

Classification: NEW. NetScaler ADC and Gateway patch routing now appears through both CERT-FR and CERT-Bund. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Verify NetScaler ADC/Gateway fixed versions.

Identifiers: CVE-2026-10816 / WID-SEC-2026-2147

Sources: [CERT-FR advisory CERTFR-2026-AVI-0822](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0822/); [CERT-Bund advisory WID-SEC-2026-2147](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2147)

IBM WebSphere Liberty WID-SEC-2026-2156 and CVE-2026-11546 enters app-server routing

Classification: NEW. WebSphere Liberty appears in app-server routing and belongs with middleware owner checks. Treat it as owner assignment unless the advisory names exploitation or a direct response step.

Recommended action: Route WebSphere Liberty patch validation.

Identifiers: CVE-2026-11546 / WID-SEC-2026-2156

Sources: [CERT-Bund advisory WID-SEC-2026-2156](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2156)

Also tracked

  • MSRC KubeVirt CVE-2026-13325 disableTLS migration exposure · CVE-2026-13325 · High
  • CERT-Bund Chrome WID-SEC-2026-2143 and CVE-2026-13774 high-severity batch · CVE-2026-13774 · High
  • sigstore verification constraints can be silently dropped · CVE-2026-48815 · High
  • Apify MCP server path authority injection can leak Apify tokens · CVE-2026-50143 · High
  • oras-go blob upload can forward credentials through Location redirects · CVE-2026-50151 · High
  • oras-go file store and tar extraction can escape intended directories · CVE-2026-50162 · High
  • Keycloak privilege escalation via scope mapping enforcement flaw · CVE-2026-9795 · High
  • Ubuntu USN-8493-1 ships Linux kernel fixes · CVE-2022-48816 · Medium
  • Keycloak WID-SEC-2026-2145 and CVE-2026-12388 enters EU patch routing · CVE-2026-12388 · Medium
  • Coolify WID-SEC-2026-2151 and CVE-2026-27882 enters EU patch routing · CVE-2026-27882 · Medium
  • Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs · CVE-2026-43707 · Medium
  • UltraVNC WID-SEC-2026-2162 and CVE-2026-44040 enters remote-access patch routing · CVE-2026-44040 · Medium
  • Mailpit sibling API endpoints can exhaust memory through unbounded JSON bodies · CVE-2026-48824 · Medium
  • oras-go malicious registry can hijack bearer-token realm · CVE-2026-48978 · Low
  • CERT-Bund Synology MailPlus Server WID-SEC-2026-2140 and CVE-2025-15660 high-severity batch · CVE-2025-15660 · Unknown
  • IBM Power HMC WID-SEC-2026-2150 and CVE-2026-12943 code-execution advisory · CVE-2026-12943 · Unknown
  • CERT-Bund Snipe-IT WID-SEC-2026-2144 and CVE-2026-55481 information-disclosure advisory · CVE-2026-55481 · Unknown
  • Gitea WID-SEC-2026-2149 and CVE-2026-58418 enters source-control patch routing · CVE-2026-58418 · Unknown
  • SurrealDB JSON Patch copy/move bypasses field-level SELECT permissions and GHSA-fpxg-5xmv-922m