
Understanding Langflow CVE-2026-55255, and why higher CVSS vulnerabilities aren't always the most exploited

Published 26/06/2026 23:31


Essential information

Modified: 
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: ai pipeline exploitation, botnet deployment, credential theft, cve-2026-33017, cve-2026-55255, cvss paradox, idor, langflow, multi-tenant, rce
Related entities: 2 vulnerabilities (cve), 2 indicators, 2 observables, 20 techniques (mitre)

Description

On June 25, 2026, the first active exploitation of CVE-2026-55255, a critical CVSS 9.9 vulnerability, was documented. Langflow is an open-source framework for building AI agents and RAG pipelines. A single operator exploited both CVE-2026-55255 (a cross-tenant IDOR) and a second Langflow flaw (an unauthenticated RCE, CVSS 9.3) against the same instance. Despite its lower score, the RCE has been exploited thousands of times and is listed in CISA KEV, while the IDOR showed no prior in-the-wild exploitation. The operator relied primarily on the RCE for code execution and implant delivery, using the IDOR opportunistically across tenants. The financially motivated threat actor deployed a scripted loader to harvest AWS keys, environment files, and API credentials. The case shows that CVSS scores do not always track real-world exploitation rates: an unauthenticated vulnerability takes less effort to exploit than one that requires authorization and knowledge of object IDs.
