🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A vulnerability in Langflow, an open-source tool for building AI-powered workflows, allows an authenticated attacker to execute any other user’s workflow simply by knowing or guessing its ID. This is an authorisation bypass flaw, meaning the application fails to verify that a user actually owns the flow they are requesting to run. Because Langflow is actively exploited in the wild and listed on the CISA KEV catalogue, this is a serious and immediate risk for any organisation running the platform.
Security Architect’s Take: Audit all Langflow deployments and apply the vendor patch immediately, prioritising internet-facing instances. In the interim, restrict network access to Langflow to trusted users only and review audit logs for anomalous flow execution requests referencing flow IDs not owned by the requesting user.
Original advisory: CVE-2026-55255: Langflow Langflow