إرسال #791922: Langflow <= 1.8.3 Authentication Bypass by Spoofingالمعلومات

عنوان	Langflow <= 1.8.3 Authentication Bypass by Spoofing
الوصف	# Technical Details An IP Spoofing vulnerability exists in the Model Context Protocol (MCP) configuration API of Langflow. An authenticated remote attacker can bypass a "local-only" restriction designed to prevent remote clients from modifying the server's local MCP configuration files. The application incorrectly trusts the user-supplied `X-Forwarded-For` HTTP header without validating its integrity against a trusted reverse proxy configuration, allowing an attacker to spoof the loopback address (`127.0.0.1`). # Vulnerable Code File: `src/backend/base/langflow/api/v1/mcp_projects.py` Method: `get_client_ip()` / `install_mcp_config()` Why: The `get_client_ip` function blindly reads `request.headers.get("X-Forwarded-For")` and returns the first IP in the list. The `install_mcp_config` endpoint then passes this spoofable IP into `is_local_ip()`. If the attacker injects `X-Forwarded-For: 127.0.0.1`, the security check passes and grants access to the restricted administrative functionality. # Reproduction 1. An attacker obtains valid login credentials or a bearer token (even with minimal privileges). 2. The attacker identifies a valid project ID within Langflow. 3. The attacker issues an API request to `POST /api/v1/mcp/project/<project_id>/install` from a remote machine, injecting the HTTP header `X-Forwarded-For: 127.0.0.1`. 4. The server's logic is tricked into believing the request originated from `localhost`, allowing the attacker to arbitrarily specify and write to local configuration files (like `mcp.json`). # Impact - Arbitrary Configuration Write: Remote attackers can manipulate the MCP settings for backend tools on the server's filesystem. - Security bypass: Defeats network-level boundary defenses implemented by the application logic. - Potential vector for further Server-Side attacks by injecting malicious MCP definitions into developer tools (Cursor, Windsurf) located on the same server instance.
المصدر	⚠️ https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3
المستخدم	Eric-f (UID 96873)
ارسال	28/03/2026 02:48 PM (24 أيام منذ)
الاعتدال	19/04/2026 03:47 PM (22 days later)
الحالة	تمت الموافقة
إدخال VulDB	358234 [langflow-ai langflow حتى 1.8.3 Model Context Protocol Configuration API mcp_projects.py get_client_ip/install_mcp_config X-Forwarded-For تجاوز الصلاحيات]
النقاط	20

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!