CVE-2026-5025 in langflow-ai langflow
Summary (English)
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
Responsible
tenable
Reserved
27/03/2026
Disclosure
27/03/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 353944 | langflow-ai langflow Endpoint logs get_current_active_user privilege escalation | 862 | 5.4 | 5.4 | $0-$5k | $0-$5k | Not defined | | 0.00037 | 0.00 | Not defined | CVE-2026-5025 |