Skip to content

CVE lookup

CVE-2026-55255

Pruva has a verified reproduction for CVE-2026-55255: Langflow’s /api/v1/responses endpoint contains an IDOR that lets any authenticated user execute another user’s flow by supplying the victim’s flow UUID.. The canonical evidence record is REPRO-2026-00268.

REPRO

REPRO-2026-00268

Package

langflow (pip) · pip

Severity

CRITICAL

Status

published