Langflow Missing Authorization Vulnerability in Log Router Endpoints

Vulnerability

A vulnerability exists in the Langflow application within the log router's '/logs' and '/logs-stream' endpoints. These endpoints allow any authenticated user to access the complete application log buffer. The vulnerability arises because the endpoints only require basic authentication and lack proper privilege checks, such as verifying superuser status.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive application log data, which could potentially contain confidential information or insights into the application's operation.
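The missing privilege check described above, modelled as an added example that is not Langflow's own code: it contrasts a handler that checks only authentication with one that also checks superuser status, and records the status each caller type receives. The `User` type, the `is_superuser` field, the handler names and the log lines are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample buffer standing in for the application log buffer.
LOG_BUFFER = ["2026-03-27 15:01:02 INFO flow=demo started by user=alice",
              "2026-03-27 15:01:03 DEBUG settings loaded for component=example"]

@dataclass(frozen=True)
class User:  # hypothetical user model
    name: str
    is_superuser: bool = False

class HTTPError(Exception):
    """args[0] carries the HTTP status code."""

def require_authenticated(user: Optional[User]) -> User:
    """Authentication only: proves who the caller is, not what they may do."""
    if user is None:
        raise HTTPError(401, "authentication required")
    return user

def require_superuser(user: Optional[User]) -> User:
    """Authentication plus the privilege check the advisory says is missing."""
    user = require_authenticated(user)
    if not user.is_superuser:
        raise HTTPError(403, "superuser privileges required")
    return user

def get_logs_vulnerable(user: Optional[User]) -> list:
    require_authenticated(user)   # any logged-in account passes
    return list(LOG_BUFFER)

def get_logs_hardened(user: Optional[User]) -> list:
    require_superuser(user)       # only superusers reach the buffer
    return list(LOG_BUFFER)

def authorization_matrix(handler: Callable) -> dict:
    """Call a handler as each caller type and record the resulting status."""
    callers = {"anonymous": None, "regular": User("bob"),
               "superuser": User("root", is_superuser=True)}
    result = {}
    for role, user in callers.items():
        try:
            handler(user)
            result[role] = 200
        except HTTPError as err:
            result[role] = err.args[0]
    return result
```

The same matrix works as a regression test against a deployment: the "regular" row for both log endpoints should be 403 once the privilege check is in place.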

Added: Mar 27, 2026, 3:22 PM
Updated: Mar 27, 2026, 3:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.