CVE-2026-55255: Langflow IDOR Vulnerability Added to CISA KEV — Authenticated Users Can Execute Any AI Workflow — Deadline Friday

CVE-2026-55255: Langflow IDOR Vulnerability Added to CISA KEV — Authenticated Users Can Execute Any AI Workflow — Deadline Friday

CISA Known Exploited Vulnerability (KEV): Added to the CISA KEV Catalog on July 7, 2026. Action due July 10, 2026 (Friday). BOD 26-04 applies.

CVE: CVE-2026-55255 | CVSS 3.1: 8.4 (High) | Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L | CWE: CWE-639 (Authorization Bypass Through User-Controlled Key) | Vendor: Langflow | Product: Langflow (AI agent/bot building platform) | Affected versions: Prior to 1.9.1


What Is the Vulnerability

CVE-2026-55255 is an Insecure Direct Object Reference (IDOR) vulnerability in Langflow, a popular open-source tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.1, an IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim’s flow ID in the request. This means a malicious user on a multi-tenant Langflow instance can execute AI workflows created by other users, potentially accessing sensitive data processed by those workflows or triggering actions those workflows were designed to perform.


Versions Affected

  • Langflow — all versions prior to 1.9.1

Exploited?

Yes — actively exploited. CISA added this vulnerability to the KEV catalog on July 7, 2026, citing evidence of active exploitation.


Fix

Langflow has released version 1.9.1 addressing the IDOR vulnerability.

  • Primary fix: Update Langflow to version 1.9.1 or later.
  • Workaround: Restrict network access to Langflow instances to trusted users only. Implement additional access controls around the /api/v1/responses endpoint.

Recommendations

  • Patch by Friday July 10: CISA KEV deadline applies.
  • Audit workflow executions: Review Langflow logs for unauthorized flow execution attempts.
  • Multi-tenant instances: If running Langflow in a multi-tenant configuration, update immediately to prevent cross-user flow access.

References


Part of the Vulnerability Intelligence series on threat-modeling.com. July 8, 2026 Report.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).

AND / OR

Try my threat modeling tool, it's completely free to use.

Thanks for signing up!