langflow-ai langflow
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*
- <= 1.8.3
An IP-spoofing vulnerability exists in Langflow versions up to and including 1.8.3. The flaw is in the Model Context Protocol (MCP) configuration API, in the 'get_client_ip' function of 'src/backend/base/langflow/api/v1/mcp_projects.py'. The function derives the client address from the 'X-Forwarded-For' request header without validating it, so any authenticated remote user can set the header to '127.0.0.1' and be treated as a local client. This bypasses the local-only restriction on the MCP configuration endpoints and exposes administrative functions that are meant to be reachable only from the local machine.
A successful attack lets an authenticated remote user bypass the local-access restriction and arbitrarily write or modify MCP configuration files on the server. Beyond disrupting the development environment, an attacker can inject malicious MCP server definitions into those files, which development tools integrated with Langflow may then load and act on.
To reproduce: authenticate to the Langflow application and obtain a valid access token, identify a project ID, and send a POST request to the MCP installation endpoint for that project with the 'X-Forwarded-For' header set to '127.0.0.1'. Because the server takes the client address from that header, it treats the request as a local connection and creates or modifies the specified configuration file on the server. The same request sent from the same remote address without the header should be refused; the difference between the two responses confirms the bypass.
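As an added illustration (this is example code, not Langflow's own), the following Python reconstructs the flawed pattern the advisory describes next to a hardened resolver, and runs the spoofed request from the reproduction steps above against both. The Request class, the function names, the 'local only' guard and the trusted-proxy list are assumptions made for this example; the real 'get_client_ip' in mcp_projects.py may differ in detail.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


# Constructed stand-in for the request object a FastAPI/Starlette handler
# receives; it is NOT Langflow's request type. peer_ip plays the role of
# request.client.host (the TCP peer); headers uses lowercased header names.
@dataclass
class Request:
    peer_ip: str
    headers: dict = field(default_factory=dict)


def get_client_ip_vulnerable(request: Request) -> str:
    """Hypothetical reconstruction of the flawed pattern the advisory describes:
    X-Forwarded-For is trusted unconditionally, so the sender of the request
    decides which address the 'local only' check sees."""
    forwarded = request.headers.get("x-forwarded-for")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return request.peer_ip


def get_client_ip_hardened(request: Request, trusted_proxies=()) -> str:
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy, then
    walk the header from the right, stepping past trusted hops, so the result
    is the address the nearest trusted proxy actually observed.
    trusted_proxies is an iterable of CIDR strings (an assumption for this example)."""
    networks = [ip_network(n) for n in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        try:
            return any(ip_address(addr) in net for net in networks)
        except ValueError:  # malformed address: never trusted
            return False

    # Direct connection from an untrusted peer: the header carries no information.
    if not is_trusted(request.peer_ip):
        return request.peer_ip

    hops = [h.strip() for h in request.headers.get("x-forwarded-for", "").split(",")]
    hops = [h for h in hops if h]
    candidate = request.peer_ip
    for hop in reversed(hops):
        if not is_trusted(candidate):
            break  # this hop was reported by an untrusted party; stop here
        candidate = hop
    return candidate


def is_local(addr: str) -> bool:
    """True for loopback addresses (127.0.0.0/8 and ::1); malformed input is not local."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def local_only_allowed(request: Request, trusted_proxies=(), hardened=True) -> bool:
    """Decision a 'local only' guard makes with each client-address resolver."""
    if hardened:
        ip = get_client_ip_hardened(request, trusted_proxies)
    else:
        ip = get_client_ip_vulnerable(request)
    return is_local(ip)


if __name__ == "__main__":
    # Constructed traffic: a remote client (203.0.113.5) claiming to be loopback.
    spoofed = Request("203.0.113.5", {"x-forwarded-for": "127.0.0.1"})
    print("vulnerable resolver allows:", local_only_allowed(spoofed, hardened=False))  # True
    print("hardened resolver allows:", local_only_allowed(spoofed))  # False
```

The hardened resolver encodes the one rule that matters here: a forwarding header is only as trustworthy as the peer that delivered it. A direct connection from an untrusted address is reported as that address regardless of the header, and behind a trusted reverse proxy the rightmost hop the proxy appended wins over anything the client wrote further left. Malformed header values are never treated as local.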
Update to a Langflow release outside the affected range (later than 1.8.3). Where that is not immediately possible, restrict network access to the Langflow instance with firewall rules, and make sure any reverse proxy in front of it overwrites, rather than forwards, client-supplied 'X-Forwarded-For' headers, since the affected versions do not validate the header themselves. Note that firewall rules alone do not protect against an authenticated user who already has legitimate network access to the instance.