Full Report
Langflow security advisory (AV26-670)
Analysis Summary
# Vulnerability: Insecure Direct Object Reference (IDOR) in Langflow API
## CVE Details
- **CVE ID:** CVE-2026-55255
- **CVSS Score:** 8.8 (High) - *Estimate based on typical IDOR impact in authenticated environments*
- **CWE:** CWE-639 (Insecure Direct Object Reference)
## Affected Systems
- **Products:** Langflow (low-code UI for LangChain)
- **Versions:** All versions prior to 1.9.1
- **Configurations:** Systems where the `/api/v1/responses` endpoint is exposed and accessible to authenticated users.
## Vulnerability Description
An Insecure Direct Object Reference (IDOR) vulnerability exists within the Langflow `/api/v1/responses` endpoint. The application fails to properly validate that the user requesting a specific resource has the necessary permissions to access it. Specifically, an authenticated attacker can manipulate the parameters (such as flow IDs or response identifiers) in the API request to view or access "flows" and associated data belonging to other users on the same instance.
## Exploitation
- **Status:** **Exploited in the wild.** (Added to CISA's Known Exploited Vulnerabilities Catalog).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Access to proprietary LLM logic, API keys embedded in flows, and sensitive user data).
- **Integrity:** Medium (Potential for unauthorized modification of logic depending on endpoint scope).
- **Availability:** Low
## Remediation
### Patches
- **Langflow version 1.9.1** or later addresses this vulnerability. Users are strongly urged to upgrade immediately.
### Workarounds
- Restrict network access to the Langflow UI/API to trusted users via VPN or Firewall.
- Implement strict IAM (Identity and Access Management) controls if deployed in a multi-tenant cloud environment until patching is complete.
## Detection
- **Indicators of Compromise:** Review web server logs for the `/api/v1/responses` endpoint. Look for repetitive GET requests with sequential or non-sequential ID parameters originating from a single authenticated session that do not match the user's known object ownership.
- **Detection methods:** Monitoring for anomalous API traffic patterns and cross-referencing user session IDs with the ownership of the objects being requested.
## References
- CISA KEV Catalog: [https://www.cisa[.]gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-55255]
- GitLab Advisory (PyPI): [https://advisories.gitlab[.]com/pypi/langflow/CVE-2026-55255/]
- Canadian Centre for Cyber Security Advisory: [https://www.cyber.gc[.]ca/en/alerts-advisories/langflow-security-advisory-av26-670]