SecBoard
Zurück zur CVE-Übersicht

CVE-2026-55255

CRITICAL(9.9)KEV — Aktiv ausgenutzt

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Risk Signal Score55/100 — HOCH
  • CVSS 9.9 — Kritisch
  • Im CISA KEV-Katalog (aktiv ausgenutzt)

Erwähnungen (letzte 60 Tage)

Artikel

CISA KEV

Bestätigt ausgenutzt

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.9

Technische Schwere

Beschreibung

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.

GitHub Advisories

GHSA-qrpv-q767-xqq2CRITICAL

Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow

pip/langflow1.9.1
GitHub Advisory

Referenzen