CVE-2026-5025
Received Received - Intake
Unauthorized Log Access via Insecure Authentication in Log Router

Publication date: 2026-03-27

Last updated on: 2026-04-20

Assigner: Tenable Network Security, Inc.

Description
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5025
EUVD
EUVD-2026-16664
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langflow langflow *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows any authenticated user to read the full application log buffer without privilege checks, potentially exposing sensitive information contained in logs.

Such unauthorized access to sensitive log data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

Executive Summary

This vulnerability exists in the '/logs' and '/logs-stream' endpoints of the log router. Any authenticated user can access these endpoints and read the full application log buffer.

The endpoints require only basic authentication (via 'get_current_active_user') and do not perform any privilege checks such as verifying if the user is a superuser.

Impact Analysis

Because any authenticated user can read the full application log buffer without privilege checks, sensitive information contained in the logs could be exposed to unauthorized users.

This could lead to information disclosure, potentially exposing confidential data or system details that could be leveraged for further attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5025. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart