PT-2026-51099 · Langflow · Langflow
Leftenantzero
+2
·
Published
2026-06-19
·
Updated
2026-07-09
·
CVE-2026-55255
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Langflow versions prior to 1.9.2
Description
An Insecure Direct Object Reference (IDOR) issue exists in the
/api/v1/responses endpoint. This occurs because the get flow by id or endpoint name() function in src/backend/base/langflow/helpers/flow.py queries the database using a flow ID without verifying if the authenticated user owns that specific flow. An authenticated attacker can execute any flow belonging to another user by providing the victim's flow ID in the model parameter. This could lead to the execution of unauthorized workflows, consumption of other users' resources, and access to sensitive data processed by those flows.Recommendations
Update Langflow to version 1.9.2 or later.
As a temporary mitigation, restrict access to the
/api/v1/responses endpoint to trusted users only.Exploit
Fix
RCE
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Langflow