{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/image-retrieval/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Langflow"],"_cs_severities":["medium"],"_cs_tags":["langflow","unauthenticated-access","image-retrieval","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Langflow"],"content_html":"\u003cp\u003eLangflow, a tool used for building and deploying AI-powered agents and workflows, is susceptible to an unauthenticated image retrieval vulnerability. Specifically, versions 1.0.0 through 1.8.1 expose the \u003ccode\u003e/api/v1/files/images/{flow_id}/{file_name}\u003c/code\u003e endpoint without implementing any authentication or ownership validation. This oversight enables any unauthenticated user with knowledge of a \u003ccode\u003eflow_id\u003c/code\u003e and \u003ccode\u003efile_name\u003c/code\u003e to retrieve the corresponding image. In a multi-tenant Langflow deployment, this vulnerability permits an attacker who can discover or guess a valid \u003ccode\u003eflow_id\u003c/code\u003e (which the advisory notes can be leaked through other API responses) to download images uploaded by other users without providing any credentials. The vulnerability is identified as CVE-2026-33484, and a patch is available in version 1.9.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Langflow instance running a vulnerable version (1.0.0 - 1.8.1).\u003c/li\u003e\n\u003cli\u003eAttacker discovers a valid \u003ccode\u003eflow_id\u003c/code\u003e. This could occur through reconnaissance of API responses, error messages, or other information leakage.\u003c/li\u003e\n\u003cli\u003eAttacker identifies or guesses the \u003ccode\u003efile_name\u003c/code\u003e of an image associated with the discovered \u003ccode\u003eflow_id\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an HTTP GET request to the vulnerable endpoint: \u003ccode\u003e/api/v1/files/images/{flow_id}/{file_name}\u003c/code\u003e, substituting the known \u003ccode\u003eflow_id\u003c/code\u003e and \u003ccode\u003efile_name\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Langflow server, lacking authentication or ownership checks, processes the request.\u003c/li\u003e\n\u003cli\u003eThe server responds with HTTP 200 and includes the requested image in the response body.\u003c/li\u003e\n\u003cli\u003eAttacker downloads the image.\u003c/li\u003e\n\u003cli\u003eAttacker potentially repeats the process with different \u003ccode\u003eflow_id\u003c/code\u003e and \u003ccode\u003efile_name\u003c/code\u003e combinations to exfiltrate additional images.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthorized access to potentially sensitive images uploaded by Langflow users. In a multi-tenant environment, this can lead to a significant breach of confidentiality, as attackers can access data belonging to other users without authentication. The observed damage includes unauthorized viewing and potential exfiltration of user data. The severity of the impact is dependent on the content of the images and the level of trust placed in the Langflow instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Langflow to version 1.9.0 or later to apply the patch for CVE-2026-33484.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Langflow Unauthenticated Image Retrieval Attempt\u003c/code\u003e to identify attempts to exploit this vulnerability in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to the \u003ccode\u003e/api/v1/files/images/\u003c/code\u003e endpoint, especially those lacking valid authentication tokens or session cookies.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-26T12:00:00Z","date_published":"2024-01-26T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-langflow-unauth-image-retrieval/","summary":"Langflow versions 1.0.0 through 1.8.1 are vulnerable to an unauthenticated image retrieval vulnerability (CVE-2026-33484) that allows attackers to download any user's uploaded images without credentials in multi-tenant deployments by accessing the `/api/v1/files/images/{flow_id}/{file_name}` endpoint.","title":"Langflow Unauthenticated Image Retrieval Vulnerability (CVE-2026-33484)","url":"https://feed.craftedsignal.io/briefs/2024-01-langflow-unauth-image-retrieval/"}],"language":"en","title":"CraftedSignal Threat Feed - Image-Retrieval","version":"https://jsonfeed.org/version/1.1"}