THREATOPS
THREAT OPSCVEs › CVE-2026-55255

CVE-2026-55255 — Langflow Authorization Bypass Through User-Controlled Key Vulnerability

CISA KEVExploited: confirmedLangflow

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

Vulnerability details

Related reporting