Langfuse · Langfuse · CVE-2026-41487
**Name of the Vulnerable Software and Affected Versions**
Langfuse versions 3.68.0 through 3.166.0
**Description**
A role-based access control flaw exists in the LLM connection update flow. An authenticated user holding only the "member" role in a project can submit an update to an existing LLM connection that changes its `baseUrl` to an attacker-controlled host. The update handler reuses the stored provider secret and sends the connection test request to the new endpoint, so the plaintext provider LLM API key for that connection can be disclosed to whoever operates that host.
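To make the flaw concrete, the following is an added illustration written for this page, not Langfuse's code: the type names, role values and in-memory shapes are assumptions. It contrasts an update handler with the behaviour the advisory describes against one that rejects member-role updates and never sends the stored secret to a changed `baseUrl`.

```typescript
// Hypothetical model of an LLM connection update; names are assumed, not Langfuse's.
type Role = "owner" | "admin" | "member";

interface LlmConnection {
  projectId: string;
  provider: string;
  baseUrl: string;
  secretKey: string; // stored provider API key (plaintext here only for illustration)
}

interface UpdateRequest {
  callerRole: Role;
  baseUrl?: string;
  secretKey?: string; // caller may supply a replacement key
}

interface Outcome {
  allowed: boolean;
  reason?: string;
  testRequest?: { url: string; keyUsed: string }; // what the connectivity test would send
}

// Pattern described in the advisory: any project member may update, and the stored
// secret is reused for the connectivity test against whatever baseUrl arrived.
function updateConnectionVulnerable(conn: LlmConnection, req: UpdateRequest): Outcome {
  if (!["owner", "admin", "member"].includes(req.callerRole)) {
    return { allowed: false, reason: "not a project member" };
  }
  const baseUrl = req.baseUrl ?? conn.baseUrl;
  const keyUsed = req.secretKey ?? conn.secretKey;
  return { allowed: true, testRequest: { url: baseUrl, keyUsed } };
}

// Hardened pattern: updates require an elevated role, and a changed baseUrl never
// receives the stored secret; the caller must supply the key that belongs to the new endpoint.
function updateConnectionHardened(conn: LlmConnection, req: UpdateRequest): Outcome {
  if (req.callerRole === "member") {
    return { allowed: false, reason: "member role cannot modify LLM connections" };
  }
  const baseUrl = req.baseUrl ?? conn.baseUrl;
  const endpointChanged = baseUrl !== conn.baseUrl;
  if (endpointChanged && !req.secretKey) {
    return { allowed: false, reason: "changing baseUrl requires supplying a new secret" };
  }
  const keyUsed = endpointChanged ? req.secretKey! : req.secretKey ?? conn.secretKey;
  return { allowed: true, testRequest: { url: baseUrl, keyUsed } };
}

// Constructed sample data for a stand-alone run.
const storedConnection: LlmConnection = {
  projectId: "proj-1", provider: "openai",
  baseUrl: "https://api.openai.com/v1", secretKey: "sk-constructed-example",
};
const memberRedirect: UpdateRequest = { callerRole: "member", baseUrl: "https://untrusted.example/v1" };
```

Running `updateConnectionVulnerable(storedConnection, memberRedirect)` yields a test request carrying the stored key to the untrusted host, while the hardened handler rejects the same request.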
**Recommendations**
Update to version 3.167.0.