LIVE · cybersecurity feed

langflow

zeroday.news · 4h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

zeroday.news · 9h ago·high

CISA orders feds to prioritize patching Langflow auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to prioritize patching a critical authentication bypass vulnerability within the Langflow AI agent framework. This directive comes as the flaw is reportedly being actively exploited.