CVE lookup
CVE-2026-55255
Pruva has a verified reproduction for CVE-2026-55255: Langflow’s /api/v1/responses endpoint contains an IDOR that lets any authenticated user execute another user’s flow by supplying the victim’s flow UUID.. The canonical evidence record is REPRO-2026-00268.
REPRO
REPRO-2026-00268
Package
langflow (pip) · pip
Severity
CRITICAL
Status
published