Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.
Published: 2026-06-23
Score: 8.4 High
EPSS: < 1% Very Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to release 1.9.1, its /api/v1/responses endpoint contains an IDOR flaw that allows an authenticated attacker to specify another user's flow ID and trigger its execution. This vulnerability is fixed in version 1.9.1.

Affected Systems

The vulnerable product is Langflow by langflow‑ai. Versions prior to 1.9.1 are affected. The specific endpoint responsible for the flaw is /api/v1/responses.

Risk and Exploitability

With a CVSS score of 8.4, this vulnerability is considered high severity. The EPSS Score of < 1% indicates a low likelihood of exploitation, yet the vulnerability is listed in the CISA KEV catalog, underscoring its significance. The attack surface requires only authenticated access; an attacker can maliciously specify another user’s flow ID to trigger its execution, based on the description, it is inferred that missing authorization checks allow direct control over another user’s workflow.

Generated by OpenCVE AI on July 13, 2026 at 16:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official update to Langflow 1.9.1 or later, which contains the fix for the IDOR flaw.
  • Modify the /api/v1/responses endpoint to enforce ownership verification so that a user can only request flows they own or have been explicitly granted access to.
  • Enable logging of flow execution requests and review logs regularly to detect any unauthorized or anomalous executions.

Generated by OpenCVE AI on July 13, 2026 at 16:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qrpv-q767-xqq2 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
History

Tue, 07 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
Description Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2. Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L'}

cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L'}


Tue, 07 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-07-07T00:00:00+00:00', 'dueDate': '2026-07-10T00:00:00+00:00'}


Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Langflow
Langflow langflow
Vendors & Products Langflow
Langflow langflow

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
Title Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L'}


Subscriptions

Langflow Langflow
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-08T03:56:30.245Z

Reserved: 2026-06-16T16:44:00.625Z

Link: CVE-2026-55255

cve-icon Vulnrichment

Updated: 2026-06-23T17:32:47.016Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T16:45:04Z

Weaknesses
  • CWE-639

    Authorization Bypass Through User-Controlled Key