{"data":{"id":"b27a3ec8-0d17-4345-9ff9-a7cfe315dfa2","title":"CISA orders feds to prioritize patching Langflow auth bypass flaw","summary":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited vulnerability in Langflow, a popular tool for building AI agents with a drag-and-drop interface. The flaw, tracked as CVE-2026-55255, is an IDOR (insecure direct object reference, where an attacker can access data they shouldn't by manipulating request parameters) that lets authenticated attackers view other users' workflows and steal sensitive data or computing resources. Attackers are already using this vulnerability to gain code execution and deploy malware to compromise servers and steal credentials.","solution":"CISA ordered federal agencies to patch the vulnerability by Friday, as required by Binding Operational Directive (BOD) 26-04. The source states that 'stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines,' but does not provide specific patch version numbers or technical patching instructions.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-prioritize-patching-langflow-auth-bypass-flaw/","publishedAt":"2026-07-08T09:58:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["rag_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-08T09:58:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}