CVE-2026-55255 is a CISA KEV-confirmed IDOR vulnerability in Langflow that allows any authenticated user to execute other users’ AI workflows without permission, with active exploitation confirmed in the wild. Organizations running Langflow versions prior to 1.9.2 for AI workflow automation face immediate risk of cross-tenant workflow execution, data exfiltration via manipulated automation, and disruption of AI-driven business processes.