Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f15232f7c82b · 2026-03-27T19:37:06.000Z
GHSA-8c4j-f57c-35cf GHSA-x34h-54cw-9825
diff --git a/advisories/github-reviewed/2026/03/GHSA-8c4j-f57c-35cf/GHSA-8c4j-f57c-35cf.json b/advisories/github-reviewed/2026/03/GHSA-8c4j-f57c-35cf/GHSA-8c4j-f57c-35cf.json
@@ -0,0 +1,87 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8c4j-f57c-35cf",
+  "modified": "2026-03-27T19:36:23Z",
+  "published": "2026-03-27T19:36:23Z",
+  "aliases": [
+    "CVE-2026-34046"
+  ],
+  "summary": "Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check",
+  "details": "## Vulnerability\n\n### IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}`\n\nThe `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it.\n\nThis exposed any authenticated user to:\n\n- **Read** any other user's flow, including embedded plaintext API keys\n- **Modify** the logic of another user's AI agents\n- **Delete** flows belonging to other users\n\nThe vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter.\n\n---\n\n## Fix (PR #8956)\n\nThe fix removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user:\n\n```diff\n-    auth_settings = settings_service.auth_settings\n-    stmt = select(Flow).where(Flow.id == flow_id)\n-    if auth_settings.AUTO_LOGIN:\n-        stmt = stmt.where(\n-            (Flow.user_id == user_id) | (Flow.user_id == None)  # noqa: E711\n-        )\n+    stmt = select(Flow).where(Flow.id == flow_id).where(Flow.user_id == user_id)\n```\n\nAll three operations — read, update, and delete — route through `_read_flow`, so the single change covers the full attack surface. A cross-user isolation test (`test_read_flows_user_isolation`) was added to prevent regression.\n\n---\n\n## Acknowledgements\n\nLangflow thanks the security researcher who responsibly disclosed this vulnerability:\n\n- **[@chximn-dt](https://github.com/chximn-dt)**",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "langflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.5.1"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.5.0"
+      }
+    },
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "langflow-base"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.5.1"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.5.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/pull/8956"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/langflow-ai/langflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639",
+      "CWE-862"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-27T19:36:23Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-x34h-54cw-9825/GHSA-x34h-54cw-9825.json b/advisories/github-reviewed/2026/03/GHSA-x34h-54cw-9825/GHSA-x34h-54cw-9825.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x34h-54cw-9825",
+  "modified": "2026-03-27T19:35:16Z",
+  "published": "2026-03-27T19:35:16Z",
+  "aliases": [
+    "CVE-2026-34042"
+  ],
+  "summary": "act: actions/cache server allows malicious cache injection",
+  "details": "act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local actions, one can create malicious caches containing whatever files one pleases, most likely allowing arbitrary remote code execution within the Docker container.\n\n## Discovery\n\nDiscovered while discussing [forgejo/runner#294](https://code.forgejo.org/forgejo/runner/issues/294).\n\n## Proposed Mitigation\n\nIt was discussed to append a secret to `ACTIONS_CACHE_URL` to retain compatibility with GitHub's cache action and still allow authorization. Forgejo is considering also encoding which repo is currently being run in CI into the secret in the URL to prevent unrelated repos using the same (probably global) runner from seeing each other's caches.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/nektos/act"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.2.86"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.2.85"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/nektos/act/security/advisories/GHSA-x34h-54cw-9825"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nektos/act/commit/c28c27e141e8b54f9853de82f421ee09846751f7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code.forgejo.org/forgejo/runner/issues/294"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/nektos/act"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nektos/act/releases/tag/v0.2.86"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-27T19:35:16Z",
+    "nvd_published_at": null
+  }
+}
