<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Image-Retrieval - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/image-retrieval/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 26 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/image-retrieval/feed.xml" rel="self" type="application/rss+xml"/><item><title>Langflow Unauthenticated Image Retrieval Vulnerability (CVE-2026-33484)</title><link>https://feed.craftedsignal.io/briefs/2024-01-langflow-unauth-image-retrieval/</link><pubDate>Fri, 26 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-langflow-unauth-image-retrieval/</guid><description>Langflow versions 1.0.0 through 1.8.1 are vulnerable to an unauthenticated image retrieval vulnerability (CVE-2026-33484) that allows attackers to download any user's uploaded images without credentials in multi-tenant deployments by accessing the `/api/v1/files/images/{flow_id}/{file_name}` endpoint.</description><content:encoded><![CDATA[<p>Langflow, a tool used for building and deploying AI-powered agents and workflows, is susceptible to an unauthenticated image retrieval vulnerability. Specifically, versions 1.0.0 through 1.8.1 expose the <code>/api/v1/files/images/{flow_id}/{file_name}</code> endpoint without implementing any authentication or ownership validation. This oversight enables any unauthenticated user with knowledge of a <code>flow_id</code> and <code>file_name</code> to retrieve the corresponding image. In a multi-tenant Langflow deployment, this vulnerability permits an attacker who can discover or guess a valid <code>flow_id</code> (which the advisory notes can be leaked through other API responses) to download images uploaded by other users without providing any credentials. The vulnerability is identified as CVE-2026-33484, and a patch is available in version 1.9.0.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a Langflow instance running a vulnerable version (1.0.0 - 1.8.1).</li>
<li>Attacker discovers a valid <code>flow_id</code>. This could occur through reconnaissance of API responses, error messages, or other information leakage.</li>
<li>Attacker identifies or guesses the <code>file_name</code> of an image associated with the discovered <code>flow_id</code>.</li>
<li>Attacker crafts an HTTP GET request to the vulnerable endpoint: <code>/api/v1/files/images/{flow_id}/{file_name}</code>, substituting the known <code>flow_id</code> and <code>file_name</code>.</li>
<li>The Langflow server, lacking authentication or ownership checks, processes the request.</li>
<li>The server responds with HTTP 200 and includes the requested image in the response body.</li>
<li>Attacker downloads the image.</li>
<li>Attacker potentially repeats the process with different <code>flow_id</code> and <code>file_name</code> combinations to exfiltrate additional images.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability allows unauthorized access to potentially sensitive images uploaded by Langflow users. In a multi-tenant environment, this can lead to a significant breach of confidentiality, as attackers can access data belonging to other users without authentication. The observed damage includes unauthorized viewing and potential exfiltration of user data. The severity of the impact is dependent on the content of the images and the level of trust placed in the Langflow instance.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade Langflow to version 1.9.0 or later to apply the patch for CVE-2026-33484.</li>
<li>Deploy the Sigma rule <code>Detect Langflow Unauthenticated Image Retrieval Attempt</code> to identify attempts to exploit this vulnerability in web server logs.</li>
<li>Monitor web server logs for requests to the <code>/api/v1/files/images/</code> endpoint, especially those lacking valid authentication tokens or session cookies.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>langflow</category><category>unauthenticated-access</category><category>image-retrieval</category><category>vulnerability</category></item></channel></rss>