CISA tells federal agencies to patch actively exploited Langflow auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal civilian agencies to address an actively exploited authentication bypass flaw in Langflow, a visual development pl...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal civilian agencies to address an actively exploited authentication bypass flaw in Langflow, a visual development platform used to build AI agents.

The vulnerability, tracked as CVE-2026-55255, is an insecure direct object reference (IDOR) issue that can let an authenticated attacker reach other users’ flows by sending a crafted request to Langflow’s /api/v1/responses endpoint with a victim’s flow UUID. If abused successfully, the flaw can expose data handled by those workflows and allow attackers to consume associated resources.

According to Sysdig’s Threat Research Team, exploitation was observed in the wild on June 25. The researchers said the activity appeared aimed at code execution and the delivery of a second-stage payload, describing the campaign as financially motivated and relatively low in sophistication.

CISA deadline set for Friday

CISA added CVE-2026-55255 to its Known Exploited Vulnerabilities catalog on Tuesday and ordered Federal Civilian Executive Branch agencies to secure affected systems by Friday, in line with Binding Operational Directive 26-04. The agency said vulnerabilities of this kind are a common entry point for malicious actors and can pose serious risk to government networks.

CISA also urged organizations to assess whether exposed systems are reachable from the internet and to follow patching guidance based on the exposure of each asset.

Langflow has faced repeated attacks

  • CISA previously listed a missing authentication bug in Langflow, CVE-2025-3248, in May 2025.
  • A code injection issue, CVE-2026-33017, was added to the KEV catalog in March 2026.
  • Researchers have also linked the JadePuffer ransomware group to abuse of the missing-auth flaw to extract Langflow’s PostgreSQL data.
  • VulnCheck has reported that attackers have been exploiting a separate Langflow path traversal flaw, CVE-2026-5027, to write files on internet-facing servers.

The latest advisory adds to growing pressure on organizations running Langflow to patch quickly and review exposed deployments for signs of compromise.