langflow

zeroday.news · 4h ago·critical
Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

zeroday.news · 9h ago·high
CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to prioritize patching a critical authentication bypass vulnerability within the Langflow AI agent framework. This directive comes as the flaw is reportedly being actively exploited.