cisa

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to prioritize patching a critical authentication bypass vulnerability within the Langflow AI agent framework. This directive comes as the flaw is reportedly being actively exploited.

CISA orders feds to patch max severity ColdFusion flaw by Friday
The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies address a maximum-severity Adobe ColdFusion vulnerability. This flaw is currently being actively exploited and requires patching by Friday.

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA has incorporated four new vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog. These flaws, affecting products from Adobe, Joomla, and Langflow, are all currently under active exploitation.

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws
CISA is reportedly using Anthropic Mythos AI to scan government software for vulnerabilities. The audits are said to be led by the agency Attack Surface Evaluation team to strengthen federal security reviews.