CVE-2026-5025 in langflow-ai langflow
Summary (English)
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
Responsible
tenable
Reserved
2026-03-27
Disclosed
2026-03-27
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exploitable | KEV | EPSS | CTI | Countermeasure | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 353944 | langflow-ai langflow Endpoint logs get_current_active_user privilege escalation | 862 | 5.4 | 5.4 | $0-$5k | $0-$5k | Not defined | | 0.00037 | 0.00 | Not defined | CVE-2026-5025 |