CVE-2026-5025 in langflow-ai langflow정보

요약 (영어)

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').

책임이 있는

tenable

예약하다

2026. 03. 27.

공개

2026. 03. 27.

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
353944	langflow-ai langflow Endpoint logs get_current_active_user 권한 상승	862	정의되지 않음	정의되지 않음	CVE-2026-5025

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

◂ 이전개요다음 ▸

Interested in the pricing of exploits?

See the underground prices here!