Composio Authentication Bypass Vulnerability via x-api-key Header

Vulnerability

An authentication bypass vulnerability has been identified in Composio version 0.5.10. The issue arises because the API does not properly validate the value of the x-api-key header during the authentication process. This flaw allows attackers to gain unauthorized access to the server by simply providing a random value in the x-api-key header.

Impact

Exploitation of this vulnerability allows for unauthorized access to the server, bypassing authentication mechanisms.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Composio Authentication Bypass Vulnerability via x-api-key Header

Vulnerability

Impact

Affected Products

composiohq/composio

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating