This article details a cryptocurrency-mining campaign exploiting CVE-2026-33017, an unauthenticated remote code execution (RCE) vulnerability in Langflow. Threat actors are targeting exposed AI application endpoints to deploy a multi-stage toolchain that includes a Bash dropper and a Go-based binary named "lambsys." The campaign demonstrates a significant shift in delivery vectors, moving from traditional web services to emerging AI pipeline tools.
Once the system is compromised, the malware disables various host-level security controls such as AppArmor, SELinux, and firewalls while aggressively terminating rival cryptominer processes. It establishes persistence using multiple watchdogs and cron jobs and spreads laterally through the environment by reusing SSH keys. Organizations are advised to update Langflow instances to version 1.9.0 or later and restrict public access to prevent these resource-hijacking attacks.
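As an added example (not from the article or the Langflow project), the sketch below triages process-execution logs for the behaviours described above and checks a Langflow version against the 1.9.0 fix. The log format, host names, the `/tmp/lambsys` path and the command patterns are constructed assumptions: the patterns are generic Linux administration commands, not indicators recovered from this campaign.

```python
import re

# Generic commands that turn off the host controls the article names.
# Assumption: common admin commands, not strings taken from the campaign.
RULES = [
    ("selinux_disabled", re.compile(r"\bsetenforce\s+0\b")),
    ("apparmor_disabled", re.compile(r"\bsystemctl\s+(stop|disable)\s+apparmor\b|\baa-teardown\b")),
    ("firewall_disabled", re.compile(r"\bufw\s+disable\b|\bsystemctl\s+(stop|disable)\s+(firewalld|ufw)\b|\biptables\s+-F\b")),
    ("lambsys_binary", re.compile(r"(^|[/\s])lambsys(\s|$)")),  # binary name given in the article
]
LINE = re.compile(r"host=(?P<host>\S+)\s+.*?cmd=(?P<cmd>.*)$")

# Constructed sample log lines (hypothetical format and hosts).
SAMPLE = [
    "2026-01-01T10:00:01Z host=ai-01 pid=4120 cmd=setenforce 0",
    "2026-01-01T10:00:02Z host=ai-01 pid=4121 cmd=systemctl stop apparmor",
    "2026-01-01T10:00:03Z host=ai-01 pid=4122 cmd=ufw disable",
    "2026-01-01T10:00:09Z host=ai-01 pid=4130 cmd=/tmp/lambsys",
    "2026-01-01T10:05:00Z host=db-02 pid=900 cmd=systemctl restart firewalld",
    "2026-01-01T10:06:00Z host=ops-03 pid=77 cmd=iptables -F",
]

def parse_version(v):
    # Numeric comparison so that 1.10.0 sorts after 1.9.0; pads "1.9" to (1, 9, 0).
    parts = [int(p) for p in re.findall(r"\d+", v)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def langflow_is_patched(version, fixed="1.9.0"):
    return parse_version(version) >= parse_version(fixed)

def triage(lines):
    hits = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        for name, rx in RULES:
            if rx.search(m["cmd"]):
                hits.setdefault(m["host"], set()).add(name)
    return hits

def priority_hosts(hits, threshold=2):
    # One rule alone can be routine admin work; several on one host warrant review.
    return sorted(h for h, names in hits.items() if len(names) >= threshold)

if __name__ == "__main__":
    print(priority_hosts(triage(SAMPLE)))
    print(langflow_is_patched("1.8.4"), langflow_is_patched("1.10.0"))
```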












