CVE-2026-55255

HIGH KEV LAB

Langflow < 1.9.2 - Authenticated Insecure Direct Object Reference

Title source: manual
STIX 2.1

Exploitation Summary

CVE-2026-55255 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 7, 2026. EIP tracks 2 public exploits from researchers including HORKimhab, rootdirective-sec.

AI-analyzed exploit summary The repository contains a markdown file describing an IDOR vulnerability in Langflow's `/api/v1/responses` endpoint but provides no actual exploit code. Instead, it links to external resources (GitHub repo and encrypted archive) without technical details or proof of concept.

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.

Exploits (2)

github SUSPICIOUS
by HORKimhab · poc
https://github.com/HORKimhab/poc-cve-collection/tree/main/2026/55xxx/CVE-2026-55255.md

The repository contains a markdown file describing an IDOR vulnerability in Langflow's `/api/v1/responses` endpoint but provides no actual exploit code. Instead, it links to external resources (GitHub repo and encrypted archive) without technical details or proof of concept.

Classification
Suspicious 98%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Langflow <1.9.2
Auth required
Prerequisites: Authenticated access to Langflow · Knowledge of victim's flow ID
mistral-large-3 · analyzed Jul 08, 2026 Full analysis →
github WORKING POC
by rootdirective-sec · pythonremote-auth
https://github.com/rootdirective-sec/CVE-2026-55255-Lab

This repository contains a functional exploit PoC for CVE-2026-55255, an IDOR (Insecure Direct Object Reference) vulnerability in Langflow. The exploit demonstrates cross-user flow execution by allowing an attacker to execute flows owned by other users via crafted API requests.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Langflow versions 1.9.0 and earlier
Auth required
Prerequisites: Valid attacker API key · Target flow ID (victim-owned)
mistral-large-3 · analyzed Jun 30, 2026 Full analysis →

Scores

CVSS v3 8.4
EPSS 0.0044
EPSS Percentile 35.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull langflowai/langflow:1.9.0
docker pull langflowai/langflow:1.9.1
docker pull cve-2026-55255-seed:latest

Details

CISA KEV 2026-07-07
VulnCheck KEV 2026-06-26
ENISA EUVD EUVD-2026-38517
CWE
CWE-639
Status published
Products (4)
langflow/langflow < 1.9.2
langflow-ai/langflow < 1.9.1
langflow-ai/langflow < 1.9.2
pypi/langflow 0 - 1.9.1PyPI
Published Jun 23, 2026
KEV Added Jul 07, 2026
Tracked Since Jun 23, 2026