216.73.217.50

CVE-2026-55255

· Published 23/06/2026 19:17 · Author: The MITRE Corporation

Labels: CVE-2026-55255

Essential information

Published
23/06/2026 19:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.9 CRITICAL (v3.1)
CISA KEV
No
CWE
CWE-639
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CVSS metrics

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.

NVD status

NVD
View on NVD