- Product: langflow (pip)
- Vulnerabilities: 3 flaws (CVE-2026-55255, CVE-2026-55447, CVE-2026-55450)
- Highest severity: 9.9 (Critical · CVSSv3)
- Worst impact: IDOR in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
- Status: No confirmed exploitation yet; patches available
- Action: Update to 1.9.2 or later now (1.9.1 closes only the IDOR and DoS flaws)
| CVE | CVSS | Weakness (CWE) | Status |
|---|---|---|---|
| CVE-2026-55255 | 9.9 | CWE-639 (authorization bypass through user-controlled key, i.e. IDOR) | Not exploited |
| CVE-2026-55447 | 9.6 | CWE-61 (symbolic link following) | Not exploited |
| CVE-2026-55450 | 9.3 | CWE-200 (exposure of sensitive information) | Not exploited |
TL;DR
Three critical Langflow vulnerabilities (CVSS 9.3 to 9.9) expose the AI applications built on it to severe risk. An authenticated attacker could read another user's flow; a crafted archive upload could read arbitrary files, including the secret key, and lead to authentication bypass and arbitrary code execution; and an unauthenticated upload could exhaust server storage. Administrators should apply the recent patches to protect their AI workflows.
Why it matters
Langflow is a platform for building AI-powered agents. The report notes it “supports all major LLMs, vector databases and a growing library of AI tools.” A successful attack can therefore grant an intruder deep access to sensitive enterprise data. Intruders could also extract JWT secrets, bypass authentication, and manipulate core AI behaviors. Researchers have not confirmed active exploitation in the wild.
How the attack works
First, CVE-2026-55255 is an Insecure Direct Object Reference (IDOR) bug in the /api/v1/responses endpoint. The endpoint looks the flow up by the client-supplied flow UUID alone, “WITHOUT checking user_id.” Any authenticated user who knows or guesses a flow UUID can therefore access another user's flow. The correct pattern is to make ownership part of the lookup itself, querying by flow id and the calling user's id together, so that a flow owned by someone else is simply not found.
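The two lookup patterns side by side, as an added example that is not Langflow's own code. The SQLite table, the UUIDs and the row data are constructed for this illustration and do not reflect Langflow's real schema; the point is that the vulnerable query ignores `current_user_id` entirely while the fixed query makes it part of the WHERE clause.

```python
import sqlite3
import uuid

# Constructed stand-in for a "flow" table. The schema, ids and names are
# assumptions for this example, not Langflow's real data model.
VICTIM_ID = "11111111-1111-1111-1111-111111111111"
ATTACKER_ID = "22222222-2222-2222-2222-222222222222"
VICTIM_FLOW_ID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE flow (id TEXT PRIMARY KEY, user_id TEXT NOT NULL, name TEXT)"
    )
    conn.execute(
        "INSERT INTO flow VALUES (?, ?, ?)",
        (VICTIM_FLOW_ID, VICTIM_ID, "victim's private flow"),
    )
    conn.execute(
        "INSERT INTO flow VALUES (?, ?, ?)",
        (str(uuid.uuid4()), ATTACKER_ID, "attacker's own flow"),
    )
    conn.commit()
    return conn


def _row_to_dict(row):
    return None if row is None else {"id": row[0], "user_id": row[1], "name": row[2]}


def get_flow_vulnerable(conn, flow_id, current_user_id):
    """IDOR pattern: the query trusts the client-supplied UUID and never
    consults current_user_id, so any authenticated caller can read any flow."""
    row = conn.execute(
        "SELECT id, user_id, name FROM flow WHERE id = ?", (flow_id,)
    ).fetchone()
    return _row_to_dict(row)


def get_flow_scoped(conn, flow_id, current_user_id):
    """Fixed pattern: ownership is part of the query itself. A flow that exists
    but belongs to someone else is indistinguishable from one that does not
    exist, so the endpoint does not act as an existence oracle either."""
    row = conn.execute(
        "SELECT id, user_id, name FROM flow WHERE id = ? AND user_id = ?",
        (flow_id, current_user_id),
    ).fetchone()
    return _row_to_dict(row)


def demo():
    """Returns (what the attacker gets from the vulnerable lookup,
    what the attacker gets from the scoped lookup, what the owner gets)."""
    conn = build_db()
    leaked = get_flow_vulnerable(conn, VICTIM_FLOW_ID, ATTACKER_ID)
    blocked = get_flow_scoped(conn, VICTIM_FLOW_ID, ATTACKER_ID)
    own = get_flow_scoped(conn, VICTIM_FLOW_ID, VICTIM_ID)
    return leaked, blocked, own


if __name__ == "__main__":
    leaked, blocked, own = demo()
    print("vulnerable lookup as attacker:", leaked)
    print("scoped lookup as attacker:   ", blocked)
    print("scoped lookup as owner:      ", own)
```

Returning the same "not found" result for both a missing flow and a flow owned by someone else is deliberate: a 403 on another user's id would still let an attacker enumerate which UUIDs exist.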
Second, CVE-2026-55447 allows arbitrary file reads and remote code execution. The BaseFileComponent extracts TAR files without validating their members, so an attacker can upload an archive containing a symbolic link that points outside the extraction directory. When the component later reads the extracted file, it follows the link and returns the target's contents, which is how the Langflow secret key can be exposed; that key is the material behind the JWT-secret extraction and authentication bypass the report describes.
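The symlink trick and the member validation that stops it, as an added example that is not Langflow's BaseFileComponent and does not claim to mirror its fix. The archive, the fake secret-key file and the read-back step are constructed here: the "vulnerable" extractor calls `extractall()` with no checks (explicitly requesting Python's `fully_trusted` filter where that argument exists, so the behaviour is the same on every interpreter), and the hardened extractor rejects link members, special files, absolute names and `..` components before anything is written to disk, then extracts with the `data` filter as a second line of defence.

```python
import io
import os
import tarfile
import tempfile
from pathlib import PurePosixPath

# True on interpreters with tarfile extraction filters (3.12+, and the
# backports in 3.8.17 / 3.9.17 / 3.10.12 / 3.11.4).
HAS_FILTERS = hasattr(tarfile, "data_filter")


def build_malicious_tar(member_name, link_target):
    """Constructed attacker archive: one symlink member whose target is an
    absolute path outside the directory the archive will be extracted into."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(member_name)
        info.type = tarfile.SYMTYPE
        info.linkname = link_target
        tar.addfile(info)
    return buf.getvalue()


def extract_unfiltered(tar_bytes, dest):
    """Vulnerable pattern: extractall() with no member validation. The symlink
    is created on disk exactly as the archive describes it."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        if HAS_FILTERS:
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def extract_checked(tar_bytes, dest):
    """Hardened pattern: inspect every member before anything touches disk."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                raise ValueError(f"rejected link member {m.name!r} -> {m.linkname!r}")
            if not (m.isreg() or m.isdir()):
                raise ValueError(f"rejected special member {m.name!r}")
            name = PurePosixPath(m.name)
            if name.is_absolute() or ".." in name.parts:
                raise ValueError(f"rejected path {m.name!r}")
        if HAS_FILTERS:
            tar.extractall(dest, filter="data")  # refuses links outside dest too
        else:
            tar.extractall(dest)


def read_member_after_extract(tar_bytes, member_name, extractor):
    """Stand-in for a component that extracts an upload and returns the text
    of a file inside it. With the unfiltered extractor, open() follows the
    planted symlink and hands the attacker the target file's contents."""
    with tempfile.TemporaryDirectory() as dest:
        extractor(tar_bytes, dest)
        with open(os.path.join(dest, member_name)) as f:
            return f.read()


def demo():
    """Returns (text leaked through the vulnerable path, whether the hardened
    path refused the archive)."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for the secret-key file an attacker would target.
        secret_path = os.path.join(d, ".langflow_secret_key")
        with open(secret_path, "w") as f:
            f.write("constructed-secret-key")
        evil = build_malicious_tar("notes.txt", secret_path)
        leaked = read_member_after_extract(evil, "notes.txt", extract_unfiltered)
        try:
            read_member_after_extract(evil, "notes.txt", extract_checked)
            blocked = False
        except ValueError:
            blocked = True
        return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable extractor leaked:", leaked)
    print("hardened extractor refused archive:", blocked)
```

Rejecting every link member is stricter than Python's own `data` filter (which allows links that resolve inside the destination); for user-uploaded archives that strictness costs nothing and removes the whole class of follow-the-link reads.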
Third, CVE-2026-55450 allows file uploads without authentication. Because the endpoint enforces neither authentication nor a size limit, an attacker can keep uploading data until the disk is full, causing a Denial-of-Service (DoS) condition. The response also leaks the absolute path of the uploaded file, which tells the attacker where Langflow keeps its data on disk.
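A framework-agnostic upload handler that closes all three gaps described above (no authentication, no size cap, path in the response), as an added example that is not Langflow's code. The cap, the `user` argument and the opaque-id scheme are assumptions for the illustration; the body is consumed as a stream of chunks so that the limit is enforced while data is arriving rather than after a full upload has already landed on disk.

```python
import os
import tempfile
import uuid

MAX_UPLOAD_BYTES = 1024 * 1024  # assumed per-upload cap for this example


class UploadRejected(Exception):
    pass


def save_upload(chunks, upload_dir, user, max_bytes=MAX_UPLOAD_BYTES):
    """Hardened upload handler (added example, not Langflow's own).

    - refuses unauthenticated callers before any disk write
    - streams the body chunk by chunk and aborts as soon as the cap is
      exceeded, deleting the partial file so a failed upload holds no space
    - returns an opaque id and size, never the filesystem path
    """
    if user is None:
        raise UploadRejected("authentication required")
    file_id = uuid.uuid4().hex
    path = os.path.join(upload_dir, file_id)
    written = 0
    try:
        with open(path, "wb") as f:
            for chunk in chunks:
                written += len(chunk)
                if written > max_bytes:
                    raise UploadRejected(f"upload exceeds {max_bytes} bytes")
                f.write(chunk)
    except UploadRejected:
        os.remove(path)  # the with-block already closed the file
        raise
    return {"file_id": file_id, "size": written}


def demo():
    """Exercises the handler with constructed uploads and reports what happened."""
    with tempfile.TemporaryDirectory() as d:
        small = [b"x" * 1024] * 4  # 4 KiB, under the 8 KiB cap used here
        ok = save_upload(iter(small), d, user="alice", max_bytes=8192)
        results = {"ok": ok, "leaks_path": d in str(ok)}
        # Unbounded stream: 1000 chunks of 64 KiB, rejected on the first one.
        flood = (b"y" * 65536 for _ in range(1000))
        try:
            save_upload(flood, d, user="alice", max_bytes=8192)
            results["oversize_rejected"] = False
        except UploadRejected:
            results["oversize_rejected"] = True
        try:
            save_upload(iter(small), d, user=None, max_bytes=8192)
            results["anon_rejected"] = False
        except UploadRejected:
            results["anon_rejected"] = True
        # Only the one accepted upload should remain on disk.
        results["files_left"] = len(os.listdir(d))
        return results


if __name__ == "__main__":
    print(demo())
```

In a real deployment the cap should also be enforced at the reverse proxy (for example a request body size limit), since a limit applied only in application code still lets the bytes reach the host.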
Affected versions
These vulnerabilities affect several Langflow versions. Versions prior to 1.9.1 are vulnerable to the IDOR and DoS flaws (CVE-2026-55255 and CVE-2026-55450); versions prior to 1.9.2 are vulnerable to the symlink file-read flaw (CVE-2026-55447).
Patch or mitigation steps
Upgrade now. Version 1.9.2 or later closes all three issues; 1.9.1 closes only the IDOR and DoS flaws. Consult the official security advisories for technical specifics and download the updates from the Langflow releases page. Two practical caveats: if an instance accepted untrusted archive uploads before it was patched, treat the secret key as potentially exposed and rotate it after upgrading, and keep any instance that cannot be patched immediately off untrusted networks until it is.