Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN002
_____________________________________________________________________

DATE                : 07/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Langflow versions prior to 1.7.1.

=====================================================================
https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
_____________________________________________________________________


Missing Authentication on Critical API Endpoints
Critical
jordanrfrazier published GHSA-c5cp-vx83-jhqx Jan 2, 2026

Package
No package listed

Affected versions
<= 1.7.0

Patched versions
1.7.1


Description

Summary

Multiple critical API endpoints in Langflow are missing authentication
controls, allowing any unauthenticated user to access sensitive user
conversation data, transaction histories, and perform destructive
operations including message deletion. This affects endpoints handling
personal data and system operations that should require proper
authorization.


Details

The vulnerability exists in three API endpoints within
src/backend/base/langflow/api/v1/monitor.py that are missing the
required dependencies=[Depends(get_current_active_user)] authentication
dependency:


Affected Endpoints:

    GET /api/v1/monitor/messages (Line 61)

    @router.get("/messages")  # ❌ Missing authentication
    async def get_messages(
        session: DbSession,
        flow_id: Annotated[UUID | None, Query()] = None,
        session_id: Annotated[str | None, Query()] = None,
        # ... other parameters
    ) -> list[MessageResponse]:

    GET /api/v1/monitor/transactions (Line 183)

    @router.get("/transactions")  # ❌ Missing authentication
    async def get_transactions(
        flow_id: Annotated[UUID, Query()],
        session: DbSession,
        params: Annotated[Params | None, Depends(custom_params)],
    ) -> Page[TransactionTable]:

    DELETE /api/v1/monitor/messages/session/{session_id} (Line 165)

    @router.delete("/messages/session/{session_id}", status_code=204)  # ❌ Missing authentication
    async def delete_messages_session(
        session_id: str,
        session: DbSession,
    ):

Inconsistency Evidence:
Other endpoints in the same file properly implement authentication:

@router.get("/messages/sessions", dependencies=[Depends(get_current_active_user)])  # ✅ Properly secured
@router.delete("/messages", status_code=204, dependencies=[Depends(get_current_active_user)])  # ✅ Properly secured


PoC

Complete reproduction steps to demonstrate the vulnerability:

Prerequisites:

    Start a Langflow server instance
    Ensure no authentication headers or API keys are provided

Reproduction Commands:

# 1. Access all user conversations without authentication
curl http://localhost:7860/api/v1/monitor/messages

# 2. Access transaction history without authentication
curl "http://localhost:7860/api/v1/monitor/transactions?flow_id=00000000-0000-0000-0000-000000000000"

# 3. Delete user messages by session without authentication
curl -X DELETE http://localhost:7860/api/v1/monitor/messages/session/00000000-0000-0000-0000-000000000000

Expected vs Actual Behavior:

    Expected: All requests should return 401 Unauthorized
    Actual: All requests return successful responses with sensitive
data or perform destructive operations

Impact

Vulnerability Type: Broken Authentication and Authorization
(OWASP Top 10 - A01:2021)

Severity: High

Who is Impacted:

    All Langflow users: Personal conversation data exposed to
unauthorized access
    System administrators: Transaction logs disclosed

Specific Impacts:

    Data Breach: Unauthorized access to user conversations containing
potentially sensitive personal information
    Privacy Violation: Transaction histories and user activity patterns
exposed without consent
    Data Destruction: Malicious actors can delete user conversation
histories without authorization
    Compliance Risk: Potential violations of data protection
regulations (GDPR, CCPA, etc.)
    System Intelligence: Attackers can gather information about system
usage patterns and user behavior


Attack Scenarios:

    Malicious users accessing proprietary conversation data
    Malicious users deleting other users' conversation histories
    Automated scraping of all user conversations for data harvesting
    Reconnaissance attacks to understand system architecture and usage
patterns

Recommended Fix:
Add authentication dependencies to all affected endpoints:

@router.get("/messages", dependencies=[Depends(get_current_active_user)])
@router.get("/transactions", dependencies=[Depends(get_current_active_user)])
@router.delete("/messages/session/{session_id}", dependencies=[Depends(get_current_active_user)])

Environment:

    Langflow Version: Current main branch
    Affected Components: API v1 monitoring endpoints
    Authentication System: FastAPI dependency injection with
get_current_active_user


25-090901

Severity
Critical
9.3/ 10

CVSS v4 base metrics
Exploitability Metrics
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required None
User interaction None
Vulnerable System Impact Metrics
Confidentiality High
Integrity High
Availability None
Subsequent System Impact Metrics
Confidentiality None
Integrity None
Availability None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CVE ID
CVE-2026-21445

Weaknesses
Weakness CWE-306

Credits

    @kj84park kj84park Reporter
    @juh0ng juh0ng Reporter


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================