Understanding Langflow CVE-2026-55255, and Why Higher CVSS Vulnerabilities Aren't Always the Most Exploited
Sysdig, Friday, June 26th, 2026
Sysdig finds a higher-scored Langflow CVE drew less attacker interest than a lower-scored, easier-to-exploit flaw.
The Sysdig Threat Research Team documented the first active exploitation of CVE-2026-55255, a critical Langflow vulnerability rated 9.9 on CVSS. Counterintuitively, this higher-scored flaw proved less attractive than the lower-scored CVE-2026-33017 (CVSS 9.3), which has already seen thousands of exploitation attempts.
The research argues that real-world factors such as authentication requirements and exploitation difficulty matter more than numeric scores.
Observing one Langflow instance, attackers invested far more effort in the unauthenticated RCE while treating the IDOR as secondary, showing how actors optimize yield against operational cost.