Skip to main content
Kaino.dev
Discover
Evals
News
Academics
Insights
Kaino.dev

Discover, evaluate, and compare AI tools, models, and agents.

Explore

  • Discover
  • Evaluations
  • News
  • Academics
  • Insights

Community

  • Twitter
  • YouTube
  • Instagram
Privacy PolicyTerms of Service

© 2026 Kaino.dev. All rights reserved.

Version 1.1.0
Langflow Fixes IDOR Flaw in Responses Endpoint as CISA Sets July 10 Patch Deadline
Kaino
5d agoJul 9, 2026, 12:00 AM0 views

Langflow Fixes IDOR Flaw in Responses Endpoint as CISA Sets July 10 Patch Deadline

Langflow’s GitHub advisory says CVE-2026-55255 allowed authenticated users to execute another user’s flow by supplying a victim flow ID to the `/api/v1/responses` endpoint. NVD records the issue in CISA’s Known Exploited Vulnerabilities catalog, with a July 10, 2026 remediation deadline for federal agencies.

agentsLangflow

CISA added Langflow vulnerability CVE-2026-55255 to its Known Exploited Vulnerabilities catalog after reports of active exploitation.

Langflow advisory describes an IDOR in /api/v1/responses

Langflow, an open source tool for building AI agents and workflows, disclosed the issue in a GitHub Security Advisory tracked as GHSA-qrpv-q767-xqq2. The advisory says versions before 1.9.1 are affected and that the vulnerability was fixed in Langflow 1.9.1.

According to Langflow’s advisory, the flaw is an insecure direct object reference, or IDOR, in the /api/v1/responses endpoint. An authenticated attacker could provide another user’s flow ID and execute that user’s flow. In practical terms, the authorization check around flow ownership was insufficient for that endpoint.

The National Vulnerability Database describes CVE-2026-55255 as an IDOR affecting Langflow’s AI agents and workflows tool. NVD also records CISA Known Exploited Vulnerabilities status for the issue, with the vulnerability added on July 7, 2026 and a due date of July 10, 2026.

Reported exploitation targeted credentials and compute

Sysdig’s analysis of CVE-2026-55255 says the observed activity was not an attack on an AI model itself. Instead, Sysdig reported that on June 25 an operator enumerated Langflow flow IDs and invoked /api/v1/responses with input intended to leak API keys.

Sysdig said the activity focused on obtaining LLM and cloud credentials and accessing compute resources. That distinction matters for defenders: the exposed surface was the orchestration layer used to connect models, tools, secrets, and cloud services, rather than the model weights or inference behavior.

SecurityWeek separately reported that CISA urged immediate patching of exploited flaws including the Langflow vulnerability, and said agencies were given until July 10, 2026 to remediate CVE-2026-55255.

Why the flaw matters for AI workflow platforms

IDOR vulnerabilities are a well-known web application class, but Langflow’s role in AI workflow orchestration can raise the impact. Flows may connect to LLM providers, databases, internal APIs, cloud services, and other systems. If an attacker can cause another user’s flow to run, the resulting access may depend on what credentials and integrations that flow contains.

Langflow’s advisory states that upgrading to version 1.9.1 addresses the issue. Organizations running Langflow should verify their deployed version, apply the fixed release, and review whether exposed instances require authenticated internet access.

Administrators should also consider rotating secrets that may have been available to Langflow flows, especially API keys or cloud credentials embedded in workflow configurations. Sysdig’s report indicates that credential theft was a focus of the observed exploitation.

Recommended actions

Teams using Langflow should prioritize upgrading to version 1.9.1 or later, based on the vendor advisory. Security teams should review logs for unusual access to /api/v1/responses, attempts to enumerate flow IDs, and unexpected executions of flows owned by other users.

Because NVD records the vulnerability as part of CISA’s Known Exploited Vulnerabilities catalog, U.S. federal civilian executive branch agencies are required to remediate it by the listed deadline. Other organizations can use the KEV listing as a risk indicator when prioritizing patching.

The case is also a reminder that AI application security is not limited to prompt injection or model behavior. Conventional authorization bugs in the surrounding application can expose sensitive credentials and connected systems when AI workflow tools are deployed in production.

Key takeaways
  • 1

    CISA added Langflow vulnerability CVE 2026 55255 to its Known Exploited Vulnerabilities catalog after reports of active exploitation.

  • 2

    Langflow advisory describes an IDOR in /api/v1/responses Langflow, an open source tool for building AI agents and workflows, disclosed the issue in a GitHub Security Advisory tracked as GHSA qrpv q767 xqq2.

  • 3

    The advisory says versions before 1.9.1 are affected and that the vulnerability was fixed in Langflow 1.9.1.

Continue reading

Latest from Kaino News

Story pulse

Freshness

5d ago

Views

0

Reading

3 min

Byline

Kainotomic Team

Utilities

Topics

agentsLangflow

Sources

Reference material and original reporting used in this story.

GitHub / langflow-ai

Published Jul 9, 2026, 12:00 AM

View source