Skip to content
Verified reproduction

CVE-2026-55255: Langflow’s /api/v1/responses endpoint contains an IDOR that lets any authenticated user execute another user’s flow by supplying the victim’s flow UUID.

CVE-2026-55255 is verified against langflow (pip) · pip affected versions: < 1.9.1 fixed version: >=1.9.1 This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00268.

REPRO-2026-00268 langflow (pip) · pip Variant found Jul 8, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 28m 29s
Tool calls 241
Spend $4.67
Affected < 1.9.1
Fixed in >=1.9.1
$ pruva-verify REPRO-2026-00268
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00268/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

An Insecure Direct Object Reference (IDOR) in Langflow’s /api/v1/responses endpoint allows an authenticated attacker to execute flows belonging to other users by providing the victim’s flow UUID as the model value. The vulnerable helper (get_flow_by_id_or_endpoint_name) queries by UUID without checking ownership.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/artifact_promotion_manifest.json15.5 KB
bundle/artifact_promotion_report.json21.5 KB
bundle/vuln_variant/source_identity.json2.4 KB
bundle/vuln_variant/root_cause_equivalence.json2.5 KB
bundle/repro/reproduction_steps.sh23.6 KB
bundle/repro/rca_report.md10.6 KB
bundle/repro/runtime_manifest.json1.1 KB
bundle/repro/validation_verdict.json1.0 KB
bundle/repro/artifacts/idor_response_vuln.json0.7 KB
bundle/repro/artifacts/idor_response_fixed.json0.1 KB
bundle/repro/artifacts/summary.json0.4 KB
bundle/logs/reproduction_steps.log3.3 KB
bundle/logs/langflow_server_vuln.log3.2 KB
bundle/logs/langflow_server_fixed.log2.5 KB
bundle/repro/artifacts/victim_register.json0.3 KB
bundle/repro/artifacts/attacker_register.json0.3 KB
bundle/repro/artifacts/victim_flow_create.json21.4 KB
bundle/repro/artifacts/ownership_victim_get.txt0.1 KB
bundle/repro/artifacts/ownership_attacker_get.txt0.1 KB
bundle/vuln_variant/artifacts/variant_response_vuln.json0.4 KB
bundle/vuln_variant/artifacts/variant_response_fixed.json0.2 KB
bundle/vuln_variant/artifacts/summary.json0.7 KB
bundle/logs/vuln_variant/reproduction_steps.log13.8 KB
bundle/vuln_variant/validation_verdict.json1.4 KB
bundle/vuln_variant/variant_manifest.json5.0 KB
bundle/vuln_variant/reproduction_steps.sh24.0 KB
bundle/vuln_variant/rca_report.md13.1 KB
bundle/vuln_variant/patch_analysis.md10.1 KB
bundle/vuln_variant/runtime_manifest.json1.3 KB
bundle/vuln_variant/artifacts/ownership_victim_get.txt0.1 KB
bundle/vuln_variant/artifacts/victim_flow_create.json21.4 KB
bundle/logs/vuln_variant/langflow_server_vuln.log3.6 KB
bundle/logs/vuln_variant/langflow_server_fixed.log2.5 KB
bundle/vuln_variant/artifacts/victim_register.json0.3 KB
bundle/vuln_variant/artifacts/attacker_register.json0.3 KB
bundle/vuln_variant/artifacts/ownership_attacker_get.txt0.1 KB