Skip to content

Langflow CVE-2026-55255 flow authorization bypass

Summary

CISA added CVE-2026-55255 to the Known Exploited Vulnerabilities catalog on July 7, 2026. The vulnerability affects Langflow and allows an authenticated attacker to execute another user's flow by supplying the victim flow ID in a request.

This is durable defender signal because Langflow often sits at the junction of model providers, workflow credentials, tools, data connectors, and cloud/runtime secrets. Even where the bug is authenticated rather than unauthenticated RCE, cross-user flow execution can expose prompts, credentials, data access paths, and tool invocations that defenders should treat as a multi-tenant AI-workflow isolation failure.

Tags

Why this matters

  • CISA describes the flaw as an authorization bypass through a user-controlled key that lets an authenticated attacker execute any flow belonging to another user by specifying the victim's flow ID.
  • The KEV due date is July 10, 2026 under BOD 26-04, indicating near-term remediation priority for exposed or high-risk assets.
  • Langflow flows can hold or reference API keys, data connectors, vector stores, model endpoints, custom Python components, and tool calls. Unauthorized flow execution can become data theft, secret abuse, or lateral movement depending on what the flow can reach.
  • This KEV entry compounds the Langflow risk pattern already visible in public reporting: exposed AI workflow systems have been used for RCE, cryptomining, SSH worming, and agentic database extortion.

Defender heuristics

  1. Inventory Langflow deployments, especially shared, hosted, lab, developer, and internet-facing instances.
  2. Apply the Langflow vendor fix for GHSA-qrpv-q767-xqq2 / CVE-2026-55255 or remove access until patched.
  3. Review authentication and authorization logs for one user executing, listing, exporting, or invoking flows owned by another user; treat flow IDs in unexpected requests as a key hunting pivot.
  4. Audit flow definitions for embedded secrets, hardcoded API keys, dangerous custom components, shell/tool execution, database connectors, cloud storage access, and outbound webhooks.
  5. Rotate API keys and connector credentials reachable by flows that may have been executed by unauthorized users.
  6. Segment Langflow runtimes from production networks and high-privilege cloud roles; constrain outbound egress and tool/plugin permissions.
  7. Preserve Langflow app logs, reverse-proxy logs, container logs, flow execution history, and credential-access telemetry before cleanup.

Sources

  • CISA KEV: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
  • GitHub Security Advisory GHSA-qrpv-q767-xqq2: https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
  • NVD CVE-2026-55255: https://nvd.nist.gov/vuln/detail/CVE-2026-55255