CVE-2026-55255
Published 2026-06-23
CVE-2026-55255: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in…
Priority: P182 · critical · 9.9 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.23% (14.1th percentile)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langflow-ai | langflow | < 1.9.2 | 1.9.2 |
| langflow | langflow | < 1.9.2 | 1.9.2 |
| langflow | langflow | >= 0 < 1.9.1 | 1.9.1 |
CVSS provenance
NVD · v3.1 · 9.9 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
VulnCheck · 9.9 CRITICAL
VulDB
langflow-ai langflow up to 1.9.1 /api/v1/responses authorization (GHSA-qrpv-q767-xqq2)
vuldb·2026-06-24·CVSS 9.9
CVE-2026-55255 [CRITICAL] langflow-ai langflow up to 1.9.1 /api/v1/responses authorization (GHSA-qrpv-q767-xqq2)
A vulnerability, which was classified as critical, was found in langflow-ai langflow up to 1.9.1. This issue affects some unknown processing of the file /api/v1/responses. Executing a manipulation can lead to authorization bypass.
This vulnerability is tracked as CVE-2026-55255. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
GHSA
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
ghsa·2026-06-19
CVE-2026-55255 [CRITICAL] CWE-639 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
## Summary
Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
## Details
The vulnerability exists in the `get_flow_by_id_or_endpoint_name` helper function in [`src/backend/base/langflow/helpers/flow.py` (lines 399-414)](https://github.com/langflow-ai/langflow/blob/v1.9.0/src/backend/base/langflow/helpers/flow.py#L399C1-L414C67).
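The pattern the advisory describes, a flow fetched by its UUID alone with no check that the requesting user owns it, shown next to the hardened form that binds the lookup to the caller. This is an added illustration written for this page, not Langflow's code: the `Flow` dataclass, the in-memory `FLOWS` table standing in for the database, the helper names and the request payload shape are all assumptions, and the sample users and flows are constructed.

```python
"""Added example (not Langflow's code): an id-keyed lookup with no ownership
check, beside the hardened form that ties the lookup to the authenticated user.
Names (Flow, FLOWS, get_flow_by_id_insecure, get_flow_for_user, handle_responses)
and the payload shape are assumptions; the data below is constructed."""
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class Flow:
    id: uuid.UUID
    user_id: uuid.UUID  # owner of the flow
    name: str


# Constructed sample data: two users, one flow each. The dict plays the
# role of the flows table, keyed by primary key.
ALICE = uuid.UUID("11111111-1111-4111-8111-111111111111")
BOB = uuid.UUID("22222222-2222-4222-8222-222222222222")
ALICE_FLOW = Flow(uuid.UUID("aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"), ALICE, "alice-agent")
BOB_FLOW = Flow(uuid.UUID("bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"), BOB, "bob-agent")
FLOWS = {f.id: f for f in (ALICE_FLOW, BOB_FLOW)}


class NotFound(Exception):
    """Raised when no flow is visible to the caller under that id."""


def get_flow_by_id_insecure(flow_id: str) -> Flow:
    """IDOR pattern: the row is fetched by primary key alone, so any
    authenticated caller who supplies the UUID receives the object,
    regardless of who owns it (CWE-639)."""
    fid = uuid.UUID(flow_id)
    if fid not in FLOWS:
        raise NotFound(flow_id)
    return FLOWS[fid]


def get_flow_for_user(flow_id: str, current_user_id: uuid.UUID) -> Flow:
    """Hardened form: ownership is part of the lookup predicate itself
    (in SQL terms, WHERE id = :id AND user_id = :uid), so a flow owned by
    someone else is indistinguishable from a flow that does not exist."""
    fid = uuid.UUID(flow_id)
    flow = FLOWS.get(fid)
    if flow is None or flow.user_id != current_user_id:
        raise NotFound(flow_id)
    return flow


def handle_responses(payload: dict, current_user_id: uuid.UUID) -> dict:
    """Sketch of a handler for an endpoint that runs a flow by id, using the
    hardened helper. Malformed ids, missing fields, unknown flows and flows
    belonging to other users all collapse to the same 404, so the endpoint
    does not confirm that a guessed id exists."""
    try:
        flow = get_flow_for_user(payload["flow_id"], current_user_id)
    except (NotFound, ValueError, KeyError):
        return {"status": 404, "detail": "Flow not found"}
    return {"status": 200, "flow": flow.name, "owner": str(flow.user_id)}
```

The single 404 for "missing", "malformed" and "not yours" is deliberate: returning 403 for another user's flow would tell a caller that the UUID is valid. The check belongs inside the helper rather than at each call site, so that every endpoint reaching the flows table inherits it.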
When a flow is accessed via UUID (flow_id), the function queries the database directly without verifying if the authenticated user owns that flow:
```python
# src/backend/base/
```
VulnCheck
langflow langflow Authorization Bypass Through User-Controlled Key
vulncheck·2026·CVSS 9.9
CVE-2026-55255 [CRITICAL] langflow langflow Authorization Bypass Through User-Controlled Key
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
Affected: langflow langflow
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://webflow.sysdig.com/blog/understanding-langflow-cve-2026-55255-and-why-higher-cvss-vulnerabilities-arent-always-the-most-exploited
No detection rules found.
No public exploits indexed.