CISA ordered U.S. federal agencies to patch an actively exploited Langflow vulnerability, CVE-2026-55255, after researchers observed in-the-wild attacks targeting AI app servers. The flaw lets authenticated attackers access other usersβ flows, steal sensitive data, and consume resources, with exploitation tied to opportunistic, financially motivated threat activity. #Langflow #CVE-2026-55255 #CISA #Sysdig
Keypoints
- CISA gave federal agencies until Friday to patch CVE-2026-55255 in Langflow.
- The flaw is an IDOR issue that can expose other usersβ flows through the /api/v1/responses endpoint.
- Attackers can access sensitive data and consume victim resources after successful exploitation.
- Sysdig observed real-world exploitation on June 25 with goals of code execution and implant delivery.
- CISA also flagged earlier Langflow flaws, including CVE-2025-3248 and CVE-2026-33017, as well as a separate path traversal bug.