Detect Langflow IDOR: Unauthorized Access to Another User's Flow via /api/v1/responses in Microsoft Sentinel
CVE-2026-55255 is a critical IDOR (Insecure Direct Object Reference) vulnerability in Langflow versions prior to 1.9.1. An authenticated attacker can enumerate and access another user's flow data by manipulating object identifiers in requests to the /api/v1/responses endpoint. With a CVSS score of 9.9, this vulnerability allows horizontal privilege escalation between users, potentially exposing sensitive AI flow configurations, credentials embedded in flows, and proprietary automation logic.
MITRE ATT&CK
- Tactic
- Credential Access Collection
KQL Detection Query
union isfuzzy=true
AzureDiagnostics,
AppServiceHTTPLogs
| where TimeGenerated >= ago(24h)
| where requestUri_s has "/api/v1/responses"
or CsUriStem has "/api/v1/responses"
| extend UriStem = coalesce(requestUri_s, CsUriStem)
| extend StatusCode = coalesce(sc_status_d, ScStatus)
| extend CallerIP = coalesce(clientIP_s, CIp)
| extend UserAgent = coalesce(userAgent_s, CsUserAgent)
| where StatusCode == 200
| summarize
RequestCount = count(),
DistinctFlowIds = dcount(extract(@"responses/([^/?]+)", 1, UriStem)),
FlowIdList = make_set(extract(@"responses/([^/?]+)", 1, UriStem), 100),
FirstSeen = min(TimeGenerated),
LastSeen = max(TimeGenerated)
by CallerIP, UserAgent, bin(TimeGenerated, 10m)
| where DistinctFlowIds >= 5
| extend Severity = case(
DistinctFlowIds >= 20, "Critical",
DistinctFlowIds >= 10, "High",
"Medium"
)
| project FirstSeen, LastSeen, CallerIP, UserAgent, RequestCount, DistinctFlowIds, FlowIdList, SeverityDetects potential IDOR exploitation against Langflow /api/v1/responses by identifying authenticated sessions that enumerate large numbers of distinct flow IDs within a short window, indicating systematic object reference manipulation.
Data Sources
Required Tables
False Positives & Tuning
- Langflow administrators or power users legitimately browsing many flows via the UI
- Automated integration pipelines that poll multiple flow results in bulk
- Load testing or health-check scripts that iterate over known flow IDs
- Langflow platform itself performing internal result aggregation across flows
Other platforms for CVE-2026-55255
Testing Methodology
Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1Unauthenticated Flow ID Discovery via /api/v1/responses
Expected signal: 20 GET requests to /api/v1/responses/* within seconds, all from the same source IP and Authorization header, appearing in web/application access logs
- Test 2Targeted Cross-User Flow Access Using Known Flow ID
Expected signal: Single authenticated GET request to /api/v1/responses/<victim_flow_id> returning HTTP 200 with flow response data belonging to a different user
- Test 3Scripted Flow Enumeration with Response Exfiltration
Expected signal: 50 GET requests to /api/v1/responses/* within approximately 30 seconds, with a subset returning HTTP 200 and response bodies containing flow data; all from single source IP
Unlock Pro Content
Get the full detection package for CVE-2026-55255 including response playbook, investigation guide, and atomic red team tests.