Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. CISA Orders Feds to Prioritize Patching Langflow Auth Bypass Flaw
CISA Orders Feds to Prioritize Patching Langflow Auth Bypass Flaw
NEWS

CISA Orders Feds to Prioritize Patching Langflow Auth Bypass Flaw

CISA added CVE-2026-55255, a CVSS 9.9 IDOR authorization bypass in Langflow, to its Known Exploited Vulnerabilities catalog on July 7, ordering U.S. federal agencies to patch under the accelerated 3-day deadline of new Binding Operational Directive BOD 26-04.

Dylan H.

News Desk

July 8, 2026
6 min read

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-55255, a critical authorization bypass vulnerability in the Langflow AI agent framework, to its Known Exploited Vulnerabilities (KEV) Catalog on July 7, 2026. Federal Civilian Executive Branch (FCEB) agencies were ordered to secure all affected Langflow deployments by Friday, July 11 — a deadline enforced under the new Binding Operational Directive BOD 26-04, which mandates patching timelines as short as 3 days for the highest-risk actively exploited vulnerabilities.

The move is the latest in a string of Langflow flaws to land on CISA's KEV list, reflecting the platform's growing use in federal and enterprise AI workflows — and its growing attractiveness as a target.

What Is Langflow?

Langflow is an open-source, low-code platform for building and deploying AI agent workflows. It provides a drag-and-drop interface to connect nodes — LLMs, tools, data sources, APIs — into executable pipelines, plus a REST API to run them programmatically. Its ease of use has made it widely adopted for AI application development, agentic AI research, and enterprise automation.

That same accessibility is what makes it a prime target: a compromised Langflow instance can expose API keys, LLM provider credentials, and sensitive data flowing through AI pipelines.

The Vulnerability: CVE-2026-55255

FieldDetail
CVE IDCVE-2026-55255
CVSS Score9.9 (Critical)
TypeInsecure Direct Object Reference (IDOR) / Authorization Bypass
CWECWE-639: Authorization Bypass Through User-Controlled Key
Affected VersionsLangflow prior to 1.9.2
Patched Version1.9.2+
Auth RequiredYes (authenticated attacker)

The vulnerability resides in the /api/v1/responses endpoint. An authenticated attacker can execute any flow belonging to another user by supplying the victim's flow UUID (flow_id) in a maliciously crafted request. This cross-tenant access enables:

  • Executing victim flows — running AI pipelines you don't own, including sensitive production workflows
  • Accessing sensitive data — any data processed by the victim's flows, including PII and business intelligence
  • Stealing API keys — LLM provider keys and AWS keys embedded in flows
  • Resource consumption — burning the victim's compute quotas and API rate limits

Sysdig's Threat Research Team described CVE-2026-55255 as a cross-tenant IDOR and confirmed real-world exploitation focused on stealing LLM provider API keys and AWS credentials.

Active Exploitation

Sysdig's TRT first observed CVE-2026-55255 being exploited in the wild on June 25, 2026, noting the objective was "code execution and second-stage implant delivery." The attacker combined this vulnerability with CVE-2026-33017 — an unauthenticated RCE in Langflow — in a sustained campaign running from June 22–25.

The exploitation chain:

  1. CVE-2026-33017 for initial unauthenticated remote code execution
  2. CVE-2026-55255 for cross-tenant data exfiltration (API keys, AWS credentials)
  3. Second-stage downloader for persistent malware delivery

CISA's researchers noted the threat actor is "opportunistic and financially motivated."

The Ransomware Connection

CISA flagged a related Langflow vulnerability as exploited by ransomware gangs. Cloud security firm Sysdig documented the JadePuffer ransomware operation using a Langflow flaw to dump the platform's PostgreSQL database. More alarmingly, Sysdig also documented what it described as the first known case of agentic ransomware — where a human operator deployed an AI agent and provisioned infrastructure, then let the agent autonomously handle the entire extortion operation end-to-end by exploiting the earlier CVE-2025-3248 Langflow flaw.

BOD 26-04: The New Patching Framework

CISA issued Binding Operational Directive 26-04 on June 10, 2026, titled "Prioritizing Security Updates Based on Risk." It supersedes both BOD 19-02 and BOD 22-01, consolidating federal vulnerability remediation under a single unified risk-based framework.

Under BOD 26-04, the strictest remediation requirement — 3 days plus mandatory forensic triage — applies to vulnerabilities meeting all of these criteria:

  • Publicly exposed (internet-accessible)
  • Listed in the KEV catalog
  • Automatable by adversaries
  • Grant total control of the affected system

In 2026, the average CISA KEV patching deadline has dropped to 14.4 days, down from 19.7 days in 2025 and over 20 days in 2024. CISA has directly attributed this acceleration to the growing use of AI by threat actors, which is narrowing the window between patch release and active exploitation.

Langflow's Growing Vulnerability History

CVE-2026-55255 is the latest in a long string of Langflow flaws to be exploited in the wild:

CVETypeCVSSPatched In
CVE-2025-3248Missing Auth / RCE9.81.2.0
CVE-2026-0770Auth Bypass——
CVE-2026-21445Missing Auth (Monitor API)Critical1.7.0.dev45
CVE-2026-33017Unauthenticated RCE9.31.9.0
CVE-2026-55255IDOR / Auth Bypass9.91.9.2
CVE-2026-7663MCP Auth Bypass9.11.10.0

The pattern is clear: Langflow's rapid development pace and complex API surface have repeatedly produced authentication and authorization gaps. Organizations deploying Langflow — especially those connecting it to sensitive data sources or cloud credentials — should treat it as a high-risk component requiring regular patching attention.

What Federal Agencies Must Do

Under BOD 26-04, FCEB agencies must:

  1. Patch to Langflow 1.9.2 or later by July 11, 2026
  2. If patching is not possible, remove Langflow from internet-accessible environments
  3. Rotate all API keys and tokens embedded in Langflow flows
  4. Report patching status through the CDM Federal Dashboard
  5. Create a POA&M (Plan of Action and Milestones) if the deadline cannot be met

What Non-Federal Organizations Should Do

Even if you're not a federal agency, the active exploitation of CVE-2026-55255 demands urgent action:

  1. Upgrade Langflow to version 1.9.2 or later immediately
  2. Audit all flows for embedded API keys, cloud credentials, or sensitive data connections
  3. Restrict Langflow to internal networks — do not expose it directly to the internet
  4. Enable authentication on all Langflow endpoints and review access controls
  5. Review logs for unauthorized /api/v1/responses calls or anomalous flow executions

References

  • BleepingComputer: CISA orders feds to prioritize patching Langflow auth bypass flaw
  • CISA: Known Exploited Vulnerabilities Catalog
  • CISA: Adds Three Known Exploited Vulnerabilities to Catalog
  • Sysdig: Understanding Langflow CVE-2026-55255
  • The Hacker News: CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
#Vulnerability#CISA#Langflow#AI Tools#Security Updates#KEV

Related Articles

CISA Sets Urgent Deadline to Fix Cisco Flaw Actively Exploited in Attacks

CISA has added a Cisco Unified Communications Manager Server vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to...

4 min read

CISA: Hackers Now Exploit SolarWinds Serv-U Flaw to Crash Servers

CISA added a high-severity SolarWinds Serv-U flaw to its KEV catalog after confirming attackers are actively exploiting it to crash file transfer servers.

5 min read

CISA Gives Feds 4 Days to Patch Actively Exploited cPanel Plugin Flaw

CISA's emergency directive gives federal agencies four days to patch the actively exploited LiteSpeed cPanel plugin flaw being weaponized in the wild.

5 min read
Back to all News