Vulnerability Description
Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow, and the callback stores installations based on this untrusted metadata. This allows an attacker to bind their Slack workspace to any project and potentially receive changes to prompts stored in Langfuse Prompt Management. An attacker can replace existing Prompt Slack Automation integrations or pre-register a malicious one, though the latter requires an authenticated user to unknowingly configure it despite visible workspace and channel indicators in the UI. This issue has been fixed in version 3.147.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Langfuse | Langfuse | >= 3.89.0, < 3.147.0 |
Related Weaknesses (CWE)
References
- https://github.com/langfuse/langfuse/commit/3adc89e4d72729eabef55e46888b8ce80a7ePatch
- https://github.com/langfuse/langfuse/releases/tag/v3.147.0ProductRelease Notes
- https://github.com/langfuse/langfuse/security/advisories/GHSA-pvq7-vvfj-p98xExploitThird Party AdvisoryMitigation
- https://langfuse.com/docs/prompt-management/features/webhooks-slack-integrationsProduct
FAQ
What is CVE-2026-24055?
CVE-2026-24055 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the clie...
How severe is CVE-2026-24055?
CVE-2026-24055 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-24055?
Check the references section above for vendor advisories and patch information. Affected products include: Langfuse Langfuse.