Compliance Impact

The vulnerability allows unauthenticated access to the Reflex web UI, enabling attackers to read uploaded datasets, trigger arbitrary training runs, push tampered models to external repositories, and cause denial-of-service conditions. This unauthorized access to potentially sensitive data and operations can lead to violations of data protection and security requirements mandated by standards such as GDPR and HIPAA.

Specifically, the exposure of datasets without authentication compromises confidentiality and integrity of data, which are core principles in these regulations. The ability to push tampered models and cause denial-of-service also undermines system integrity and availability, further impacting compliance.

Therefore, organizations using affected versions of backpropagate (1.1.0 and 1.1.1) without the patch risk non-compliance with common data protection and security standards until they upgrade to version 1.2.0 or apply recommended mitigations such as restricting UI access to localhost and using SSH port-forwarding.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the backpropagate Reflex web UI is running with the vulnerable versions 1.1.0 or 1.1.1 and if it is exposing the UI without proper authentication despite using the --auth or --share flags.

You can detect the vulnerability by scanning for open ports where the Reflex UI is bound (default port 7860) and attempting to access the UI without authentication.

Suggested commands include:

• Use netstat or ss to check if the Reflex UI port is open and listening: `netstat -tuln | grep 7860` or `ss -tuln | grep 7860`
• Use curl or a web browser to attempt accessing the UI endpoint without authentication: `curl http://<host>:7860`
• Check the process command line to see if backpropagate is running with the --auth or --share flags: `ps aux | grep backpropagate`
• Audit any SSH port-forwarding or network exposure that might allow remote access to the Reflex UI port.

Useful 0 Not Useful 0

Executive Summary

The vulnerability in backpropagate versions 1.1.0 and 1.1.1 involves the Reflex web UI exposing a training control plane without enforcing authentication, despite CLI flags suggesting otherwise.

Although the CLI accepts the --auth user:pass flag to require HTTP Basic authentication and the --share flag to expose the UI publicly with authentication, the Reflex backend never reads the authentication environment variable and does not implement any authentication middleware or request guards.

As a result, any client that can reach the bound port—locally or remotely—has full access to the UI without needing to authenticate.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers who can access the bound port to perform several malicious actions without authentication.

• Read uploaded datasets.
• Trigger arbitrary training runs on any local base models and read their file paths.
• Push tampered or unauthorized model weights to the HuggingFace Hub.
• Cause denial-of-service conditions by filling disk space through unchecked file uploads.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade backpropagate to version 1.2.0 or later, which includes proper authentication middleware and multiple security improvements.

If immediate upgrade is not possible, avoid using the --auth or --share flags when running the backpropagate UI.

Instead, run the UI bound only to localhost (no flags) and use SSH port-forwarding to securely access the UI remotely, for example: `ssh -L 7860:localhost:7860 <training-host>`.

Audit any hosts previously launched with the --share flag and re-issue any HuggingFace tokens used during those sessions to prevent unauthorized access.

Useful 0 Not Useful 0