Metrics
Affected Vendors & Products
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2. | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1. |
| References |
| |
| Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 07 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
ssvc
|
ssvc
|
Tue, 07 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Wed, 24 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Langflow
Langflow langflow |
|
| Vendors & Products |
Langflow
Langflow langflow |
Tue, 23 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2. | |
| Title | Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-23T16:28:20.985Z
Updated: 2026-07-08T03:56:30.245Z
Reserved: 2026-06-16T16:44:00.625Z
Link: CVE-2026-55255
Updated: 2026-06-23T17:32:47.016Z
No data.
No data.