The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow code injection vulnerability (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog after confirming active exploitation by malicious actors. Federal agencies are required to remediate the flaw by CISA's deadline, while CISA urges all organizations to prioritize patching to defend against ongoing attacks.