Vulnerability  ·  2026-07-09

Langflow Authorization Bypass (IDOR) — Added to CISA KEV, Actively Exploited for Cross-Tenant Credential Harvesting

VulnerabilityHigh impactGlobalCVE-2026-55255
CISA added CVE-2026-55255, a Langflow authorization-bypass vulnerability (CWE-639, user-controlled key), to its Known Exploited Vulnerabilities catalog on July 7, 2026, confirming active exploitation. The flaw lets an authenticated attacker execute any other user's flow by supplying the victim's flow ID, exposing secrets and cloud credentials embedded in flows.
This is the first time an AI-agent orchestration/workflow platform has appeared in the CISA KEV catalog, confirming that Langflow deployments are being actively targeted for credential harvesting and lateral movement into connected cloud/LLM-provider accounts — a direct, operationally confirmed threat to AI development infrastructure.
Authenticated attacker specifies a victim's flow UUID in a request to /api/v1/responses (or similar endpoints) to execute another user's flow, harvesting embedded API keys, cloud credentials, and LLM secrets stored within that flow — an insecure direct object reference through a user-controlled key.
Langflow (all versions prior to patch containing the /api/v1/responses IDOR)
Apply Langflow vendor patch (per GHSA-qrpv-q767-xqq2); federal agencies required to remediate by 2026-07-10 per CISA BOD 26-04; rotate any credentials previously stored in exposed Langflow flows.
CISA KEV CatalogBleepingComputer - CISA orders feds to prioritize patching Langflow auth bypass flawThe Hacker News - CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →