PT-2026-39011 · Langfuse · Langfuse

Mustafabilgici · Published 2026-05-08 · Updated 2026-05-08 · CVE-2026-41487

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Langfuse versions 3.68.0 through 3.166.0

Description: A role-based access control flaw exists in the LLM connection update flow. An authenticated user with the "member" role in a project can request an update to an existing LLM connection that changes its baseUrl to one controlled by an attacker. The system then reuses the stored provider secret and sends the connection test request to the attacker-controlled endpoint, potentially exposing the plaintext LLM provider API key for that connection.

Recommendations: Update to version 3.167.0.

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2026-41487

Affected Products: Langfuse