CISA directs rapid patching of Langflow auth bypass
π The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to urgently patch an actively exploited Langflow authentication bypass (CVE-2026-55255) that lets authenticated actors access other users' flows by abusing the /api/v1/responses endpoint with a victim's UUID. First observed in the wild by Sysdig on June 25, attackers sought code execution, implants, compute and credentials. CISA added the flaw to its Known Exploited Vulnerabilities Catalog and required FCEB remediation under BOD 26-04 by Friday.
