PT-2026-28739 · Langflow Ai · Langflow
Published 2026-03-27 · Updated 2026-03-27
CVE-2026-5025
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
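The missing check described above, as an added sketch that is not Langflow's code or its patch: an authentication-only handler next to one that also enforces 'is_superuser'. Only 'get_current_active_user' and 'is_superuser' come from the advisory; the User model, session table, log buffer, handler names and HTTPError class are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:  # hypothetical model; only is_superuser is named in the advisory
    username: str
    is_active: bool
    is_superuser: bool

class HTTPError(Exception):  # stand-in for a web framework's HTTP exception
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status

# Constructed sample data: two sessions and a log buffer holding another user's secret.
SESSIONS = {"tok-admin": User("admin", True, True),
            "tok-alice": User("alice", True, False)}
LOG_BUFFER = ["INFO flow started by bob", "DEBUG bob api_key=EXAMPLE-NOT-A-REAL-KEY"]

def get_current_active_user(token):
    """Authentication only: establishes who the caller is, not what they may read."""
    user = SESSIONS.get(token)
    if user is None or not user.is_active:
        raise HTTPError(401, "not authenticated")
    return user

def require_superuser(token):
    """Authorization layered on top of authentication."""
    user = get_current_active_user(token)
    if not user.is_superuser:
        raise HTTPError(403, "superuser privileges required")
    return user

def logs_before(token):
    """Behaviour the advisory describes: any authenticated user gets the full buffer."""
    get_current_active_user(token)
    return list(LOG_BUFFER)

def logs_after(token):
    """Hardened form (assumed policy): the full buffer is reserved for superusers."""
    require_superuser(token)
    return list(LOG_BUFFER)

def status_of(handler, token):
    """HTTP-style status a handler yields for a token; usable as a regression check."""
    try:
        handler(token)
    except HTTPError as exc:
        return exc.status
    return 200
```

A regression test for this class of bug calls each log endpoint as a non-privileged user and expects 403, not just 401 for anonymous callers.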
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Langflow