Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) The US Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow vulnerability (CVE-2026-55255) to its Known Exploited Vulnerabilities catalog after the Sysdig Threat Research Team observed active exploitation. Attackers are using the flaw in the open-source AI agent framework for credential harvesting, prompting a warning from CISA. The US Cybersecurity and Infrastructure Security Agency CISA is warning about yet another Langflow vulnerability CVE-2026-55255 leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after the Sysdig Threat Research Team observed it being actively targeted. CVE-2026-55255 exploited Langflow is an open-source visual framework for building AI agents and workflows, widely used by individual developers, enterprises, and service providers. CVE-2026-55255 … More https://www.helpnetsecurity.com/2026/07/08/langflow-vulnerability-cve-2026-55255-exploited/ The post Attackers using Langflow flaw for credential harvesting CVE-2026-55255 https://www.helpnetsecurity.com/2026/07/08/langflow-vulnerability-cve-2026-55255-exploited/ appeared first on Help Net Security https://www.helpnetsecurity.com .