The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents.
Langflow is an attractive target for hackers since it's a popular tool in the AI development ecosystem, offering a drag-and-drop interface to connect nodes into executable pipelines and a REST API to run them programmatically.
Tracked as CVE-2026-55255, this Insecure Direct Object Reference (IDOR) security flaw allows authenticated threat actors to access other users' flows by sending a maliciously crafted request to the /api/v1/responses endpoint with the victim's UUID (flow_id).
Successful exploitation also enables attackers to access sensitive data processed by the victim's flows and consume their resources.
Sysdig's Threat Research Team (TRT) first observed CVE-2026-55255 in-the-wild exploitation on June 25, saying that the objective was "code execution and second-stage implant delivery (loader/dropper class."
"From what we observed, it’s clear that the threat actor is opportunistic and financially motivated," the security researchers added. "In short, it’s clear that the motive was money via the two reliable yields of a compromised AI host: its compute (botnet/implant) and its credentials (LLM/cloud keys), both of which were pursued with cheap, repeatable, low-sophistication tooling."
On Tuesday, CISA added the CVE-2026-55255 authorization bypass to its Known Exploited Vulnerabilities Catalog (KEV), ordering U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their devices by Friday, as required by Binding Operational Directive (BOD) 26-04.
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," the cybersecurity agency warned. "Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines."
CISA also added a Langflow missing authentication security issue (CVE-2025-3248) to its KEV catalog in May 2025 and a code injection vulnerability (CVE-2026-33017) in March 2026.
The cybersecurity agency flagged the former as exploited by ransomware gangs on Tuesday, after cloud security company Sysdig reported that the JadePuffer ransomware operation used it to dump Langflow's PostgreSQL database.
... continue reading