CVE-2026-55255

Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses

Tactics: Credential Access, Collection

CVE-2026-55255 is a critical IDOR (Insecure Direct Object Reference) vulnerability in Langflow versions prior to 1.9.1. An authenticated attacker can enumerate and access another user's flow data by manipulating object identifiers in requests to the /api/v1/responses endpoint. With a CVSS score of 9.9, this vulnerability allows horizontal privilege escalation between users, potentially exposing sensitive AI flow configurations, credentials embedded in flows, and proprietary automation logic.

Vulnerability Intelligence

Public PoC
CVSS: 9.9, Critical (9.0–10)

What is CVE-2026-55255 Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses?

Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses (CVE-2026-55255) maps to two MITRE ATT&CK tactics: Credential Access (the adversary is trying to steal account names and passwords) and Collection (the adversary is trying to gather data of interest to their goal).

This page provides production-ready detection logic for Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses, covering the data sources and telemetry it touches: Azure Application Gateway Logs, App Service HTTP Logs, Web Application Firewall Logs, Azure Diagnostics. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactics: Credential Access, Collection
Microsoft Sentinel / Defender (KQL)

union isfuzzy=true
    AzureDiagnostics,
    AppServiceHTTPLogs
| where TimeGenerated >= ago(24h)
| where requestUri_s has "/api/v1/responses"
    or CsUriStem has "/api/v1/responses"
| extend UriStem = coalesce(requestUri_s, CsUriStem)
// coalesce() needs arguments of one type: sc_status_d (AzureDiagnostics) is real, ScStatus (AppServiceHTTPLogs) is int
| extend StatusCode = coalesce(toint(sc_status_d), ScStatus)
| extend CallerIP = coalesce(clientIP_s, CIp)
| extend UserAgent = coalesce(userAgent_s, CsUserAgent)
// only successful reads show that flow data was actually returned
| where StatusCode == 200
| summarize
    RequestCount = count(),
    DistinctFlowIds = dcount(extract(@"responses/([^/?]+)", 1, UriStem)),
    FlowIdList = make_set(extract(@"responses/([^/?]+)", 1, UriStem), 100),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by CallerIP, UserAgent, bin(TimeGenerated, 10m)
| where DistinctFlowIds >= 5
| extend Severity = case(
    DistinctFlowIds >= 20, "Critical",
    DistinctFlowIds >= 10, "High",
    "Medium"
  )
| project FirstSeen, LastSeen, CallerIP, UserAgent, RequestCount, DistinctFlowIds, FlowIdList, Severity

Detects potential IDOR exploitation against Langflow /api/v1/responses by identifying authenticated sessions that enumerate large numbers of distinct flow IDs within a short window, indicating systematic object reference manipulation.

Severity: critical. Confidence: medium.

Data Sources

Azure Application Gateway Logs, App Service HTTP Logs, Web Application Firewall Logs, Azure Diagnostics

Required Tables

AzureDiagnostics, AppServiceHTTPLogs

False Positives

  • Langflow administrators or power users legitimately browsing many flows via the UI
  • Automated integration pipelines that poll multiple flow results in bulk
  • Load testing or health-check scripts that iterate over known flow IDs
  • Langflow platform itself performing internal result aggregation across flows

Sigma rule & cross-platform mapping

The detection logic for Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses (CVE-2026-55255) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native queries in KQL (Microsoft Sentinel / Defender), SPL (Splunk), EQL (Elastic Security), AQL (IBM QRadar), Sumo Logic CSE, YARA-L (Google Chronicle / SecOps) and CQL (CrowdStrike LogScale). In Sigma terms, this detection targets the following logsource:

logsource:
  category: network_connection
  product: windows


Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1: Unauthenticated Flow ID Discovery via /api/v1/responses

    Expected signal: 20 GET requests to /api/v1/responses/* within seconds, all from the same source IP and Authorization header, appearing in web/application access logs

  2. Test 2: Targeted Cross-User Flow Access Using Known Flow ID

    Expected signal: Single authenticated GET request to /api/v1/responses/<victim_flow_id> returning HTTP 200 with flow response data belonging to a different user

  3. Test 3: Scripted Flow Enumeration with Response Exfiltration

    Expected signal: 50 GET requests to /api/v1/responses/* within approximately 30 seconds, with a subset returning HTTP 200 and response bodies containing flow data; all from single source IP
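The same enumeration logic as the KQL above (HTTP 200 hits on /api/v1/responses/<id>, grouped by client IP, user agent and 10-minute bin, with the 5/10/20 distinct-ID thresholds), run offline over constructed access-log lines shaped like the three test signals. This is an added example, not code from the page or from Langflow; the log line layout and the sample values are assumptions. Note that the Test 2 shape (one request for one known ID) stays below the threshold by design, since this detection is volume-based.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed access-log layout for this example: "<ISO time> <client IP> <method> <URI stem> <status> <user agent>"
LINE_RE = re.compile(r"^(\S+) (\S+) \S+ (\S+) (\d{3}) (.+)$")
FLOW_ID_RE = re.compile(r"/api/v1/responses/([^/?]+)")  # same capture as the KQL extract()

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match the assumed layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, uri, status, ua = m.groups()
    return {"time": datetime.fromisoformat(ts), "ip": ip, "uri": uri, "status": int(status), "ua": ua}

def severity(n):
    """Same thresholds as the KQL case(): 20+ distinct IDs Critical, 10+ High, otherwise Medium."""
    return "Critical" if n >= 20 else "High" if n >= 10 else "Medium"

def detect(lines, window=timedelta(minutes=10), min_distinct=5):
    """Count successful (HTTP 200) hits on distinct flow IDs per (client IP, user agent, time bin)."""
    buckets = defaultdict(lambda: {"count": 0, "ids": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue  # only successful reads show that flow data was actually returned
        m = FLOW_ID_RE.search(rec["uri"])
        if not m:
            continue
        time_bin = int(rec["time"].timestamp() // window.total_seconds())  # like bin(TimeGenerated, 10m)
        b = buckets[(rec["ip"], rec["ua"], time_bin)]
        b["count"] += 1
        b["ids"].add(m.group(1))
        b["first"] = rec["time"] if b["first"] is None else min(b["first"], rec["time"])
        b["last"] = rec["time"] if b["last"] is None else max(b["last"], rec["time"])
    alerts = []
    for (ip, ua, _), b in buckets.items():
        if len(b["ids"]) >= min_distinct:
            alerts.append({"CallerIP": ip, "UserAgent": ua, "RequestCount": b["count"],
                           "DistinctFlowIds": len(b["ids"]), "FlowIdList": sorted(b["ids"])[:100],
                           "FirstSeen": b["first"], "LastSeen": b["last"], "Severity": severity(len(b["ids"]))})
    return alerts

# Constructed sample traffic: a Test 1 style burst (20 distinct IDs from one IP and UA within seconds),
# a single legitimate lookup (Test 2 shape, below threshold) and a 404-only guesser that must not alert.
SAMPLE_LOGS = (
    [f"2026-04-01T10:00:{i:02d} 10.0.0.5 GET /api/v1/responses/flow-{i:04d} 200 python-requests/2.31" for i in range(20)]
    + ["2026-04-01T10:03:00 10.0.0.9 GET /api/v1/responses/flow-0001 200 Mozilla/5.0"]
    + [f"2026-04-01T10:05:{i:02d} 10.0.0.7 GET /api/v1/responses/guess-{i} 404 curl/8.0" for i in range(30)]
)
```

Running `detect(SAMPLE_LOGS)` yields a single Critical alert for 10.0.0.5 with 20 distinct flow IDs; the 404-only guesser never reaches the summarize stage, which is also why a scanner that gets nothing back is not what this rule is tuned for.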
