CVE Tools
Back to feed
BleepingComputer ·EN-US News source Exploited in the wildLangflow

CISA orders feds to prioritize patching Langflow auth bypass flaw

By Sergiu Gatlan··2 min read
CVE Tools coverage

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies apply a critical security update by Friday to address an actively exploited vulnerability in Langflow, a widely used AI development framework. The flaw, identified as CVE-2026-55255, is an insecure direct object reference (IDOR) issue that permits authenticated attackers to access other users’ workflows and sensitive data through a malicious request. This vulnerability has already been observed being used in attacks aimed at achieving code execution and deploying implants. CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the urgency of remediation under Binding Operational Directive 26-04.