Understanding Langflow CVE-2026-55255, and why higher CVSS vulnerabilities aren't always the most exploited
Essential information
- Published: 26/06/2026 23:31
- Modified: —
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: ai pipeline exploitation botnet deployment credential theft cve-2026-33017 cve-2026-55255 cvss paradox idor langflow multi-tenant rce
- Related entities: 2 vulnerabilities (cve), 2 indicators, 2 observables, 20 techniques (mitre)
Description
On June 25, 2026, the first active exploitation of CVE-2026-55255, a critical CVSS 9.9 Langflow vulnerability, was documented. Langflow is an open-source framework for building AI agents and RAG pipelines. A single operator exploited both CVE-2026-55255 (cross-tenant IDOR) and CVE-2026-33017 (unauthenticated RCE, CVSS 9.3) against the same instance. Despite its lower score, the RCE has been exploited thousands of times and is listed in CISA KEV, while the IDOR showed no prior in-the-wild exploitation. The operator focused primarily on the RCE for code execution and implant delivery, using the IDOR opportunistically for credential theft across tenants. The financially motivated threat actor deployed a scripted loader to harvest AWS keys, environment files, and API credentials. This demonstrates that CVSS scores don't always correlate with real-world exploitation rates, as unauthenticated vulnerabilities require less effort than those needing authorization and disclosed object IDs.