oM noM Security Feeds cve
vulnerability context

CVE-2026-55255

CVSS 9.9 CRITICALEPSS 14%CWE-639OTX 11 pulses

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.

Published 2026-06-23 · last modified 2026-07-07

details

CISA KEV status
Not in catalog
CVSS v3
9.9 / CRITICAL
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS
14% percentile (score 0.0023)
CWE
CWE-639
OTX pulses
11 total, 0 recent

source mentions 3

source consensus

  • Bluesky
  • CISA Alerts
  • GitHub Advisories
Want the 3-bullet summary of CVE-2026-55255, plus webhook alerts when KEV is updated? Pro is $10/mo.