Critical IDOR Vulnerability in Langflow: CVE-2026-33760
A critical IDOR (Insecure Direct Object Reference) vulnerability, CVE-2026-33760, with a CVSS score of 8.8, was discovered in Langflow, a tool for building and deploying AI-powered agents and workflows. This vulnerability allows any authenticated user to read, modify, or permanently delete another user's data by supplying the target's resource ID or flow_id. The vulnerability is fixed in Langflow version 1.9.0. Organizations using Langflow should immediately upgrade to version 1.9.0 or later to mitigate this vulnerability.