CVE-2026-41487

EPSS 0.18%
Veröffentlicht 08.05.2026 14:27:48
Zuletzt bearbeitet 13.05.2026 17:12:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is  a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an existing LLM connection to an attacker-controlled baseUrl, causing Langfuse to reuse the stored provider secret and redirect the test request to an attacker-controlled endpoint. This could expose the plaintext provider LLM API key for that connection. The attack is only possible if a user is already part of a project and has “member” scoped access. This issue has been patched in version 3.167.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Langfuse ≫ Langfuse Version >= 3.68.0 < 3.167.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/langfuse/langfuse/security/advisories/GHSA-2524-j966-gfgh

Patch

Vendor Advisory

Mitigation

https://github.com/langfuse/langfuse/pull/13027

Patch

Issue Tracking

https://github.com/langfuse/langfuse/pull/13055

Patch

Issue Tracking

https://github.com/langfuse/langfuse/commit/7527bb0d84bc0a3dc24a4b16d22ed2e46e6dddff

Patch

https://github.com/langfuse/langfuse/commit/e12386f9d4368bbfff24a4ad7fd53641091605ff

Patch

https://github.com/langfuse/langfuse/releases/tag/v3.167.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-41487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-41487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-41487

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-41487