The Circuitry
THE CIRCUITRYYour one-stop source for all tech news
HOMETODAYNEWSFEEDEVENTS
BOOKMARKS
RSS
© 2026 The Circuitry
About UsSourcesContactCorrectionsPrivacy
  • Today
  • Feed
  • Events
  • Saved
Scroll for more
Verification
VERIFIEDConfidence: HIGH
Source identified
Claims cross-referenced
No discrepancies found
Fact-check summary

CISA's addition of CVE-2026-55255 (Langflow IDOR) to the KEV catalog on July 7 with a July 10 federal patching deadline is corroborated by The Hacker News, CISA.gov, and Sysdig reporting.

Sourcing
1source

via BleepingComputer

BleepingComputer · track record
61Stories
100%Verified
3730d
All sources →
Home/Tech/CISA tells federal agencies to fix actively exploited Langflow IDOR flaw by Friday
VERIFIEDBy Xavier Rivera· ·2 min read

CISA tells federal agencies to fix actively exploited Langflow IDOR flaw by Friday

CISA directed federal agencies to patch the actively exploited CVE-2026-55255 authorization bypass in Langflow by Friday after adding it to the Known Exploited Vulnerabilities catalog. The IDOR flaw lets authenticated attackers reach other users' AI agent flows, sensitive data, and resources, with exploitation observed targeting compute power and credentials.

Source:BleepingComputer
Post
CISA tells federal agencies to fix actively exploited Langflow IDOR flaw by Friday
TL;DRAI · 60 sec read

CISA directs federal agencies to patch an actively exploited Langflow IDOR flaw, CVE-2026-55255, by Friday. The agency added the authorization bypass to its Known Exploited Vulnerabilities catalog. The issue lets attackers reach other users' flows and data through crafted requests to the responses endpoint. Exploitation focuses on code execution and implant delivery.

Developing storymonitoring for updates
This story is still unfolding. Confirmed developments will appear here.
The U.S. Cybersecurity and Infrastructure Security Agency directed federal agencies to apply a fix for an actively exploited vulnerability in the Langflow visual framework by the end of this week.

CISA adds the Langflow authorization bypass to its Known Exploited Vulnerabilities catalog. The agency placed CVE-2026-55255 into the KEV catalog on Tuesday. Federal Civilian Executive Branch agencies must secure their devices by Friday under Binding Operational Directive 26-04.
The IDOR flaw enables authenticated attackers to access other users' flows and sensitive data.

CISA warned that "this type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise." Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

The IDOR flaw enables authenticated attackers to access other users' flows and sensitive data. Tracked as CVE-2026-55255, this Insecure Direct Object Reference vulnerability lets threat actors reach other users' flows through specially crafted requests sent to the /api/v1/responses endpoint that include the victim's UUID (flow_id). Successful exploitation also enables attackers to access sensitive data processed by the victim's flows and consume their resources.
From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →

Langflow serves as a popular visual framework for building AI agents. It provides a drag-and-drop interface for linking nodes into executable pipelines along with a REST API that supports programmatic execution, making the platform an attractive target for hackers within the AI development ecosystem.
Sysdig researchers observed in-the-wild exploitation aimed at code execution and implant delivery.

Sysdig researchers observed in-the-wild exploitation aimed at code execution and implant delivery. Sysdig's Threat Research Team first observed the exploitation on June 25, noting that the objective was "code execution and second-stage implant delivery (loader/dropper class." The researchers described the threat actor as opportunistic and financially motivated, stating that "the motive was money via the two reliable yields of a compromised AI host: its compute (botnet/implant) and its credentials (LLM/cloud keys), both of which were pursued with cheap, repeatable, low-sophistication tooling."
CISA has previously added multiple Langflow vulnerabilities to the KEV catalog. The agency added a Langflow missing authentication security issue tracked as CVE-2025-3248 in May 2025. It added a code injection vulnerability tracked as CVE-2026-33017 in March 2026. CISA flagged the CVE-2025-3248 issue as exploited by ransomware gangs on Tuesday after Sysdig reported that the JadePuffer ransomware operation used it to dump Langflow's PostgreSQL database. Since June, attackers have also been actively exploiting a high-severity Langflow path traversal vulnerability tracked as CVE-2026-5027 to write arbitrary files on exposed servers, according to VulnCheck security researcher Caitlin Condon.

EXPERT TAKE

Federal agencies must treat Langflow exposure as an immediate priority given the financial motives behind observed attacks that target both compute resources and cloud credentials.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported
DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE
From The Circuitry

See what’s happening right now

The Feed runs all day — short, verified briefs the moment they break.

Open the Feed →
From The Circuitry

Follow @thecircuitry_

Every story we publish, as it happens. No noise between.

Follow on X ↗On Bluesky ↗

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee
CISALangflowVulnerabilityKEV
More fromBleepingComputer
  • KDDI breach hits email platform used by five Japanese ISPs

    Tech · 2h
  • Accenture confirms breach after hacker offers 35 GB of stolen data

    Tech · 15h
  • Attackers exploit max-severity Adobe ColdFusion flaw

    Tech · 2d
More inTech
  • Telstra outage disrupts emergency calls, trains and payments

    Tech · 21m
  • Blue Origin reportedly raising up to $10B in first private capital round

    Tech · 34m
  • KDDI breach hits email platform used by five Japanese ISPs

    Tech · 2h
SupportThe Work

The Circuitry is reader-supported. If you find the daily brief useful, you can buy me a coffee to keep it going.

Buy a coffee →
SubscribeCircuitry Brief

Daily brief at 7 AM ET. Top tech stories, every morning.

MORE IN TECH

Telstra outage disrupts emergency calls, trains and payments

A software defect at Telstra on July 8, 2026 caused emergency calls to fail, halted regional trains in Victoria and disrupted payments for 80,000 businesses. The outage highlights vulnerabilities in critical national infrastructure that rely on a single telco provider.

Blue Origin reportedly raising up to $10B in first private capital round

Blue Origin is reportedly raising up to $10 billion in its first private capital round at a $130 billion valuation, with Coatue Management reported to lead participation from institutional investors and Jeff Bezos. The move ends the company's near-total reliance on Bezos' personal funding as it races to scale ambitious launch, lunar, and satellite constellation projects against SpaceX.

KDDI breach hits email platform used by five Japanese ISPs

KDDI disclosed that attackers breached an email platform used by five Japanese ISPs, exposing email addresses of 12,233,087 people and passwords of 7,616,173 others via a zero-day vulnerability first exploited on May 16. The company is forcing password changes and has deployed new detection tools after notifying regulators, with no confirmed secondary damage reported.