COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-55255

CVE-2026-55255

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-07-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-55255
⌖ exploited in the wild shame 45/100 exploited-in-wildauthorization-bypass

Langflow allows authenticated attackers to execute any user's flow by specifying a victim's flow ID, bypassing authorization controls.

This authorization bypass enables an authenticated attacker to impersonate another user and execute their flows, creating a significant risk for DIB organizations using Langflow for sensitive workflows. The vulnerability is actively exploited in the wild, requiring immediate patching and review of access controls to prevent unauthorized flow execution.

Shame score — While actively exploited, the vulnerability requires authentication to exploit and does not involve default credentials or supply-chain compromise.

Players implicated

Langflow · vendorLangflow · product

Description

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.