THREAT OPS › CVEs › CVE-2026-55255
CVE-2026-55255 — Langflow Authorization Bypass Through User-Controlled Key Vulnerability
Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
Vulnerability details
- Affected productsLangflow
- KEV remediation due2026-07-10
Related reporting
- 29th June – Threat Intelligence Reportcheckpoint_research
- 22nd June – Threat Intelligence Reportcheckpoint_research
- CISA Adds Three Known Exploited Vulnerabilities to Catalogcisa_advisories
- [CISA KEV] CVE-2026-55255 — Langflow Langflow: Langflow Authorization Bypass Through User-Controlled Key Vulnerabilitycisa_kev
- Langflow security advisory (AV26-670)cccs_ca