CVE Details

CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability
Published: 2026-07-07 CVSS: 9.9 CRITICAL Product: Langflow Langflow Due Date: 2026-07-10

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 9.9
  • Severity: CRITICAL
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

SSVC

  • Exploitation: active
  • Automatable: no
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-55255
cveMetadata > assignerOrgId a0819718-46f1-4df5-94e2-005712e83aaa
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName GitHub_M
cveMetadata > dateReserved 2026-06-16T16:44:00.625Z
cveMetadata > datePublished 2026-06-23T16:28:20.985Z
cveMetadata > dateUpdated 2026-07-07T17:54:17.107Z
containers > cna > title Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-639
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-639: Authorization Bypass Through User-Controlled Key
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact LOW
containers > cna > metrics > 0 > cvssV3_1 > baseScore 9.9
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired LOW
containers > cna > metrics > 0 > cvssV3_1 > scope CHANGED
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > references > 0 > name https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
containers > cna > references > 0 > tags > 0 x_refsource_CONFIRM
containers > cna > references > 0 > url https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
containers > cna > references > 1 > name https://github.com/langflow-ai/langflow/pull/12832
containers > cna > references > 1 > tags > 0 x_refsource_MISC
containers > cna > references > 1 > url https://github.com/langflow-ai/langflow/pull/12832
containers > cna > affected > 0 > vendor langflow-ai
containers > cna > affected > 0 > product langflow
containers > cna > affected > 0 > versions > 0 > version < 1.9.2
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > providerMetadata > orgId a0819718-46f1-4df5-94e2-005712e83aaa
containers > cna > providerMetadata > shortName GitHub_M
containers > cna > providerMetadata > dateUpdated 2026-06-23T16:28:20.985Z
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
containers > cna > source > advisory GHSA-qrpv-q767-xqq2
containers > cna > source > discovery UNKNOWN
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-55255
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable no
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-07-07T17:45:10.476349Z
containers > adp > 0 > references > 0 > url https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
containers > adp > 0 > references > 0 > tags > 0 exploit
containers > adp > 0 > references > 1 > url https://webflow.sysdig.com/blog/understanding-langflow-cve-2026-55255-and-why-higher-cvss-vulnerabilities-arent-always-the-most-exploited
containers > adp > 0 > references > 1 > tags > 0 third-party-advisory
containers > adp > 0 > references > 2 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-55255
containers > adp > 0 > references > 2 > tags > 0 government-resource
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-07T17:54:17.107Z