SYS::ONLINE
Wasteland.
Briefs1122
Issues18
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-55255 2026-07-07

CVE-2026-55255: Langflow IDOR Lets Authenticated Users Run Other Users' Flows

"Langflow versions prior to 1.9.1 contain an authorization bypass (IDOR) that lets an authenticated attacker execute any other user's flow by supplying the victim's flow ID, and CISA has confirmed it is being actively…"

Langflow versions prior to 1.9.1 contain an authorization bypass (IDOR) that lets an authenticated attacker execute any other user's flow by supplying the victim's flow ID, and CISA has confirmed it is being actively exploited.

What Is It

CVE-2026-55255 is an Insecure Direct Object Reference (IDOR) / authorization bypass through a user-controlled key (CWE-639) in Langflow, an open-source tool for building and deploying AI-powered agents and workflows. The flaw lives in the /api/v1/responses endpoint: an authenticated attacker can execute any flow belonging to another user simply by specifying the victim's flow ID in the request. It carries a CVSS 3.1 base score of 8.4 (HIGH), with the vector AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L.

Why It Matters

CISA added CVE-2026-55255 to its Known Exploited Vulnerabilities catalog on 2026-07-07, and the NVD record reflects an SSVC exploitation status of "active"; this is being exploited in the wild, not a theoretical risk. Because the scope is Changed with High confidentiality and integrity impact, an attacker who holds any low-privilege account can reach and run flows they should never have access to, potentially triggering arbitrary AI-agent workflows owned by other tenants. Known ransomware campaign use is currently listed as Unknown.

What's Vulnerable

All Langflow releases prior to 1.9.1 are affected (cpe:2.3:a:langflow:langflow, versions < 1.9.1). Exploitation requires an authenticated but only low-privileged account and no user interaction.

Patch Status

The vulnerability is fixed in Langflow 1.9.1. CISA's required action is to apply mitigations per vendor instructions in line with BOD 26-04 patching guidance and CISA's Forensics Triage Requirements, following applicable BOD 26-04 guidance for cloud services or discontinuing use of the product if mitigations are unavailable. The CISA remediation due date is 2026-07-10. Organizations should upgrade to 1.9.1 or later.

Sources