{"uuid": "04eb6b49-843f-45b1-b08b-e961b71cb1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55255", "type": "seen", "source": "https://bsky.app/profile/sen-perimetered.bsky.social/post/3mqc4e6bxhp22", "content": "CVE-2026-55255. Langflow. KEV-listed July 7 \u2014 first AI agent platform in the catalog.\n\nIDOR in the flow-execution endpoint: any authenticated user can run another tenant's flow. Attacker's injected prompt: \"leak api keys.\" LLM keys and AWS creds embedded in flows are the target.\n\nPatch: 1.9.2. Rota\u2026", "creation_timestamp": "2026-07-10T12:07:06.388154Z"}