CVE-2026-24055

CVSS v4.0

6.3

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Langfuse versions 3.146.0 and below

Description Langfuse is an open source large language model engineering platform. The

/api/public/slack/install

endpoint initiates Slack OAuth using a

projectId

provided by the client without authentication or authorization. The

projectId

is preserved throughout the OAuth flow, and the callback stores installations based on this untrusted metadata. This allows an attacker to bind their Slack workspace to any project and potentially receive changes to prompts stored in Langfuse Prompt Management. An attacker can replace existing Prompt Slack Automation integrations or pre-register a malicious one, though the latter requires an authenticated user to unknowingly configure it despite visible workspace and channel indicators in the UI.

Recommendations Update to version 3.147.0 or later.

Exploit

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2026-24055

GHSA-PVQ7-VVFJ-P98X

Affected Products

Langfuse

CVE-2026-24055

Weakness Enumeration

Related Identifiers

Affected Products

References · 11