Zurück zur CVE-Übersicht
CVE-2026-55255
CRITICAL(9.9)KEV — Aktiv ausgenutztCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Risk Signal Score55/100 — HOCH
- CVSS 9.9 — Kritisch
- Im CISA KEV-Katalog (aktiv ausgenutzt)
Erwähnungen (letzte 60 Tage)
Artikel
CISA KEV
Bestätigt ausgenutzt
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.9
Technische Schwere
Beschreibung
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
GitHub Advisories
GHSA-qrpv-q767-xqq2CRITICAL
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
pip/langflow→ 1.9.1
GitHub AdvisoryReferenzen
- https://github.com/langflow-ai/langflow/pull/12832
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
- https://webflow.sysdig.com/blog/understanding-langflow-cve-2026-55255-and-why-hi...
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-...