PT-2026-41486 · Go · Github.Com/Getaxonflow/Axonflow
Publicado
2026-05-06
·
Atualizado
2026-05-06
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
Summary
Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a single platform upgrade.
Affected versions
< 7.5.0. Specific items affect different earlier minors; see Impact below.Patched versions
>= 7.5.0.Impact
| # | Item | Affected | Patched | CWE |
|---|---|---|---|---|
| 1 | MAP execution multi-tenant isolation. A body-supplied org id could override the Basic-auth-derived org for both execution recording and policy evaluation. In multi-tenant deployments with shared agents, this could record one tenant's request under another tenant's audit log and evaluate it under the wrong tenant's policy set. | < 7.4.5 | >= 7.4.5 | CWE-863 |
| 2 | Cross-tenant audit-log leak via evidence/explain handlers. The handlers behind /api/v1/evidence/* and /api/v1/decisions/*/explain failed open when the tenant context was missing, returning data scoped to a different tenant or returning data without scope. | < 7.2.0 | >= 7.2.0 | CWE-200, CWE-863 |
| 3 | License-validation bypass on onboard-customer. The portal customer-onboard endpoint lacked authentication and license-key validation, allowing unauthenticated callers to invoke the onboard flow. | < 7.2.0 | >= 7.2.0 | CWE-862 |
| 4 | Tenant-scope fail-open on evidence/explain. Distinct from item 2: when tenant headers were absent, the handler defaulted to a permissive read scope rather than refusing the request. | < 7.2.0 | >= 7.2.0 | CWE-862 |
| 5 | Internal-service auth fallback bypass in non-Community modes. Evaluation/Enterprise builds carried an auth fallback path that, under specific request shapes, could be exploited to bypass apiAuthMiddleware. | < 7.2.0 | >= 7.2.0 | CWE-863 |
| 6 | Login timing / org-existence disclosure on the portal. The login handler returned different timing and response bodies for invalid-org vs invalid-password, allowing org enumeration. | < 7.1.3 | >= 7.1.3 | CWE-208 |
| 7 | Portal DoS via unbounded request body. The portal accepted unbounded request bodies, allowing memory-exhaustion attacks. Capped at 1 MiB. | < 7.1.5 | >= 7.1.5 | CWE-770 |
| 8 | SQL-injection enforcement regression on try.getaxonflow.com. The Community SaaS hosted endpoint inherited the warn SQLi default introduced in v6.2.0, allowing SQL-injection-shaped requests to pass governance to the LLM. Self-hosted deployments were unaffected unless they manually changed the default. | < 7.5.0 (try.getaxonflow.com only) | >= 7.5.0 | CWE-89 |
Remediation
Upgrade to AxonFlow platform v7.5.0 or later. No configuration changes required — the platform is purely additive and existing API/SDK callers continue to work.
For users who can't upgrade immediately, item-specific mitigations:
- Items 1–5: ensure the agent middleware sets
X-Org-ID/X-Tenant-IDfrom authenticated identity at the ingress, never accepting body-supplied identity. - Item 8 (Community SaaS):
SQLI ACTION=blockcan be set explicitly via the agent task definition; v7.5.0 makes this the default.
Resources
- AxonFlow v7.5.0 CHANGELOG entry: https://github.com/getaxonflow/axonflow/blob/main/CHANGELOG.md
- AxonFlow v7.5.0 GitHub Release: https://github.com/getaxonflow/axonflow/releases/tag/v7.5.0
Credit
Identified by AxonFlow internal security review during the April 2026 quality-freeze epic.
Correção
SQL injection
Allocation of Resources Without Limits
Information Disclosure
Incorrect Authorization
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Github.Com/Getaxonflow/Axonflow