LIVE · cybersecurity feed
langflowcriticalCVE-2026-55255

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

zeroday.news·3h ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Langflow AI framework to its Known Exploited Vulnerabilities catalog. This flaw, identified as CVE-2026-55255, has been observed being actively exploited in the wild by threat actors.

Langflow is an open-source visual tool used for developing AI agents and workflows, popular among individual developers and enterprises. The vulnerability, an insecure direct object reference (IDOR), exists in the /api/v1/responses endpoint. Versions of Langflow prior to 1.9.2 are affected.

An authenticated attacker can exploit CVE-2026-55255 by manipulating requests to execute any flow belonging to another user. This is possible because the endpoint accepts a flow ID without verifying the requesting user's authorization or ownership of that flow.

Researchers from the Sysdig Threat Research Team first detected exploitation of this vulnerability on June 25th. They observed a single attacker concurrently exploiting CVE-2026-55255 alongside CVE-2026-33017, a separate vulnerability enabling unauthenticated remote code execution.

The attackers are reportedly embedding prompts like "leak api keys" into hijacked flows to extract sensitive information. This includes API keys for AI services, cloud provider credentials, and database secrets, leading to potential cross-tenant data exposure and secret theft.

While CVE-2026-33017 can achieve similar outcomes on a single instance, the IDOR vulnerability (CVE-2026-55255) is particularly concerning in multi-tenant or managed SaaS environments. It can bypass tenant isolation at the application layer by leveraging the victim's credentials to execute their flows.

Sysdig characterized the actor as opportunistic and financially motivated, with a broader goal of achieving code execution and deploying implants. However, they also actively used the IDOR flaw to harvest embedded secrets.

In response to the threat, CISA has directed U.S. federal civilian agencies to mitigate CVE-2026-55255 by July 10, 2026. Agencies are also advised to search for indicators of compromise detailed by Sysdig and SentinelOne. CVE-2026-33017, added to the catalog earlier, should have already been addressed.

langflowcisavulnerabilitycredential harvestingai security
← Back to latest

More News

view all →
zeroday.news · 2h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 2h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 3h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 3h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 3h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

zeroday.news · 4h ago·high

3 Ways AI Powers Service Desk Attacks and How to Prevent Them

Artificial intelligence is increasingly being used by attackers to enhance service desk attacks, particularly during employee onboarding. AI tools can create more convincing impersonations, accelerate reconnaissance for personalized attacks, and scale malicious campaigns. To counter these threats, organizations need to implement stronger identity verification methods, such as secure password delivery, biometric liveness detection, and multi-factor authentication before sensitive actions are approved.