CVE-2026-55255 is an actively exploited IDOR vulnerability in Langflow’s /api/v1/responses endpoint that allows any authenticated user to execute AI workflows belonging to other users without authorization checks. It is listed in both the CISA and VulnCheck KEV catalogs, confirming exploitation in the wild, and is patched in Langflow 1.9.2. Any organization using Langflow to build or host AI agents in versions prior to 1.9.2 should treat this as an emergency remediation item.
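The bug class described above, as an added example (not Langflow's code and not taken from the advisory): a minimal model of a handler that authenticates the caller but fetches a flow by id alone, beside the version that binds the flow to its owner, plus a regression check that lists every cross-owner execution. `FLOWS`, `NotFound`, the handler names and the user and flow ids are hypothetical.

```python
# Hypothetical model of the bug class; not Langflow code.
class NotFound(Exception):
    """Flow id is unknown, or not visible to the caller."""


# Constructed sample data: flow id -> owner and display name.
FLOWS = {
    "flow-a": {"owner": "alice", "name": "support agent"},
    "flow-b": {"owner": "bob", "name": "billing agent"},
}


def _execute(flow, prompt):
    # Stand-in for running the workflow.
    return f"{flow['name']} ran: {prompt}"


def run_flow_vulnerable(caller_id, flow_id, prompt):
    """Caller is authenticated, but the flow is fetched by id alone."""
    flow = FLOWS.get(flow_id)
    if flow is None:
        raise NotFound(flow_id)
    return _execute(flow, prompt)  # caller_id is never compared to the owner


def run_flow_checked(caller_id, flow_id, prompt):
    """Same lookup plus an object-level check binding the flow to the caller."""
    flow = FLOWS.get(flow_id)
    # One error for "missing" and "not yours", so ids cannot be enumerated.
    if flow is None or flow["owner"] != caller_id:
        raise NotFound(flow_id)
    return _execute(flow, prompt)


def cross_owner_executions(handler):
    """Regression check: (caller, flow_id) pairs where a non-owner ran a flow."""
    leaks = []
    for caller in sorted({f["owner"] for f in FLOWS.values()}):
        for flow_id, flow in FLOWS.items():
            if flow["owner"] != caller:
                try:
                    handler(caller, flow_id, "ping")
                    leaks.append((caller, flow_id))
                except NotFound:
                    pass
    return leaks
```

Passing each handler to `cross_owner_executions` returns both cross-owner pairs for the first and an empty list for the second; the same pairwise check works as a test against any endpoint that takes an object id from the request.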