Active Exploitation Detected

On June 25, 2026, the Sysdig Threat Research Team observed the first known active exploitation of CVE-2026-55255, a CVSS 9.9 critical Langflow vulnerability tracked as a cross-tenant insecure direct object reference (IDOR).

An operator from IP 45.207.216.55 executed both CVE-2026-55255 (IDOR) and CVE-2026-33017 (RCE) against the same Langflow instance on that date. The operator first probed the Langflow instance on June 22, 2026, then returned on June 25, 2026 for sustained exploitation.

Attack Methodology

The attacker enumerated flows via GET /api/v1/flows/, then replayed the disclosed flow IDs as the model parameter on POST /api/v1/responses with input: ‘leak api keys’. This approach allowed cross-tenant access to sensitive data.

The RCE payloads injected a Langflow custom component that shelled out to download and execute a second stage from 45.207.216.55:8084/slt with a /tmp/lang_pwn execution marker.

CVE-2026-55255 Context

CVE-2026-55255 has zero previously reported in-the-wild exploitations prior to this incident, is not in CISA KEV, and has no public proof-of-concept beyond the advisory’s own curl command. The vulnerability was fixed in Langflow PR #12832 / Langflow 1.9.1.

CVE-2026-33017, a CVSS 9.3 unauthenticated RCE vulnerability in Langflow, was exploited within 20 hours of disclosure. This vulnerability has approximately 7,000 servers under attack and was added to CISA KEV on March 25, 2026.

Threat Actor Assessment

There is no evidence the operator was LLM-driven or that this operation was conducted by an agentic threat actor; the behavior is consistent with a scripted toolkit running a fixed playbook.

Source: Sysdig