CVE-2026-5025 in langflow-ai langflowinformación

Resumen (Inglés)

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').

Responsable

tenable

Reservar

2026-03-27

Divulgación

2026-03-27

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
353944langflow-ai langflow Endpoint logs get_current_active_user escalada de privilegios862No está definidoNo está definidoCVE-2026-5025

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!