CVE-2026-55255: CWE-639: Authorization Bypass Through User-Controlled Key in langflow-ai langflow
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
AI Analysis
Technical Summary
CVE-2026-55255 describes an authorization bypass vulnerability in langflow prior to version 1.9.2. The vulnerability exists due to insufficient access control on the /api/v1/responses endpoint, allowing an authenticated attacker to specify arbitrary flow IDs and execute flows owned by other users. This is a classic Insecure Direct Object Reference (IDOR) issue categorized under CWE-639. The vulnerability has a critical severity with a CVSS 3.1 base score of 9.9, indicating network attack vector, low attack complexity, required privileges, no user interaction, and impacts on confidentiality, integrity, and availability. The vulnerability is fixed in langflow version 1.9.2.
Potential Impact
An authenticated attacker can execute any flow belonging to another user by specifying the victim's flow ID. This leads to complete compromise of confidentiality and integrity of the victim's flows, and partial impact on availability. The attacker can abuse workflows they do not own, potentially causing unauthorized actions or data exposure.
Mitigation Recommendations
Upgrade langflow to version 1.9.2 or later, where this vulnerability is fixed. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed fixed in 1.9.2.
CVE-2026-55255: CWE-639: Authorization Bypass Through User-Controlled Key in langflow-ai langflow
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
CVSS v3.1
Score 9.9critical
Affected software
pkg:github/langflow-ai/langflowRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-55255 describes an authorization bypass vulnerability in langflow prior to version 1.9.2. The vulnerability exists due to insufficient access control on the /api/v1/responses endpoint, allowing an authenticated attacker to specify arbitrary flow IDs and execute flows owned by other users. This is a classic Insecure Direct Object Reference (IDOR) issue categorized under CWE-639. The vulnerability has a critical severity with a CVSS 3.1 base score of 9.9, indicating network attack vector, low attack complexity, required privileges, no user interaction, and impacts on confidentiality, integrity, and availability. The vulnerability is fixed in langflow version 1.9.2.
Potential Impact
An authenticated attacker can execute any flow belonging to another user by specifying the victim's flow ID. This leads to complete compromise of confidentiality and integrity of the victim's flows, and partial impact on availability. The attacker can abuse workflows they do not own, potentially causing unauthorized actions or data exposure.
Mitigation Recommendations
Upgrade langflow to version 1.9.2 or later, where this vulnerability is fixed. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed fixed in 1.9.2.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-16T16:44:00.625Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3ab6daeed863c81e4f9f1c
Added to database: 06/23/2026, 16:39:54 UTC
Last enriched: 06/23/2026, 16:54:26 UTC
Last updated: 06/23/2026, 22:00:10 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.