Threat actors are actively exploiting a critical remote code execution (RCE) vulnerability in Langflow to deploy Monero cryptocurrency miners on compromised systems. The sustained campaign leverages CVE-2026-33017, an unauthenticated RCE flaw with a CVSS score of 9.31. Attackers are systematically scanning for and compromising exposed artificial intelligence application endpoints, indicating a focused effort against unpatched AI infrastructure. Successful exploitation lets adversaries execute arbitrary code, which they use to install cryptojacking software that mines Monero. A Monero miner can significantly degrade system performance and consume substantial computational resources without authorization. The active exploitation underscores the urgency of this vulnerability, which remains a subject of discussion involving Intel to determine whether immediate patching is required or if monitoring suffices. Organizations operating Langflow instances must prioritize immediate patching and robust security measures for their AI environments to prevent financial theft and resource degradation.