CVE-2026-33053: CWE-639: Authorization Bypass Through User-Controlled Key in langflow-ai langflow
CVE-2026-33053 is an authorization bypass vulnerability in langflow versions prior to 1.9.0. The issue occurs because the delete_api_key_route() endpoint allows deletion of API keys based solely on a generic authentication check without verifying ownership of the API key. This flaw enables an authenticated user with limited privileges to delete API keys belonging to other users. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and has a CVSS 4.0 score of 6.1 (medium severity). Exploitation requires authentication but no user interaction, and it can lead to denial of service for affected users by removing their API keys. No known exploits are currently reported in the wild.
AI Analysis
Technical Summary
Langflow is a platform for building and deploying AI-powered agents and workflows. In versions before 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id as a path parameter to delete API keys. While the endpoint enforces a generic authentication check via the get_current_active_user dependency, it does not verify that the API key being deleted actually belongs to the authenticated user. The underlying delete_api_key() CRUD function lacks ownership validation, allowing any authenticated user to delete arbitrary API keys by specifying their IDs. This is a classic authorization bypass vulnerability categorized as CWE-639. The vulnerability could be exploited remotely over the network without user interaction, requiring only low privileges (authenticated user). The impact includes unauthorized deletion of API keys, potentially disrupting legitimate users’ access to the system and causing denial of service. The CVSS 4.0 vector indicates network attack vector, low attack complexity, partial privileges required, no user interaction, and high impact on integrity and availability. No patches are linked yet, but upgrading to version 1.9.0 or later is expected to resolve the issue by enforcing proper ownership checks.
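To make the flaw concrete, here is an added illustration of the CWE-639 pattern described above: it is not langflow's own code, and the store, user ids and key ids are constructed for the demo. The unscoped delete only knows that a caller is authenticated; the owner-scoped variant binds the lookup to the caller, so a key the caller does not own is treated exactly like a missing one.

```python
"""Hypothetical illustration of CWE-639 in an API-key delete route.

Example code added to this write-up, not langflow's source. The store,
user ids ("alice", "bob") and key ids are constructed for the demo.
"""
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised when the key does not exist or is not visible to the caller."""


@dataclass
class ApiKey:
    id: str
    user_id: str


@dataclass
class ApiKeyStore:
    keys: dict = field(default_factory=dict)

    def delete_unscoped(self, current_user_id: str, api_key_id: str) -> bool:
        """Vulnerable pattern: the caller is authenticated (current_user_id is
        known), but the lookup is by id only, so any user's key can be removed."""
        if api_key_id not in self.keys:
            raise NotFound(api_key_id)
        del self.keys[api_key_id]          # current_user_id never consulted
        return True

    def delete_scoped(self, current_user_id: str, api_key_id: str) -> bool:
        """Hardened pattern: the lookup is scoped to the authenticated owner,
        so a foreign id is indistinguishable from a missing one (no oracle)."""
        key = self.keys.get(api_key_id)
        if key is None or key.user_id != current_user_id:
            raise NotFound(api_key_id)
        del self.keys[api_key_id]
        return True


def demo() -> tuple:
    """Constructed scenario: alice asks both routes to delete bob's key.
    Returns (bob_key_survives_unscoped, scoped_call_blocked, bob_key_survives_scoped)."""
    def fresh() -> ApiKeyStore:
        return ApiKeyStore({"k-alice": ApiKey("k-alice", "alice"),
                            "k-bob": ApiKey("k-bob", "bob")})
    vulnerable = fresh()
    vulnerable.delete_unscoped("alice", "k-bob")   # succeeds: bob loses his key
    hardened = fresh()
    try:
        hardened.delete_scoped("alice", "k-bob")
        blocked = False
    except NotFound:
        blocked = True
    return ("k-bob" in vulnerable.keys, blocked, "k-bob" in hardened.keys)
```

Scoping the query by owner is the same fix whether the store is a dict or an ORM: the WHERE clause (or equivalent) must include the authenticated user's id, not just the key id.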
Potential Impact
This vulnerability can significantly impact organizations relying on langflow for AI workflow automation. Unauthorized deletion of API keys can disrupt legitimate users’ ability to access or manage AI agents, leading to operational downtime and loss of productivity. Attackers could target high-value users or administrators to cause denial of service or interfere with AI workflows. Since API keys often grant programmatic access, their deletion could also complicate incident response and recovery. While the vulnerability does not directly expose sensitive data, the loss of API keys affects system integrity and availability. Organizations with multiple users and shared environments are at higher risk. The medium severity rating reflects the moderate ease of exploitation combined with impactful consequences on availability and integrity.
Mitigation Recommendations
Organizations should upgrade langflow to version 1.9.0 or later where the vulnerability is fixed by enforcing API key ownership verification before deletion. Until upgrading, restrict access to the delete_api_key_route() endpoint to trusted users only and monitor API key deletion logs for suspicious activity. Implement additional access controls or API gateway policies to validate API key ownership at the application or network layer. Conduct regular audits of API keys and their usage to detect unauthorized deletions. Educate users about the importance of safeguarding API key identifiers to prevent misuse. Consider implementing multi-factor authentication and role-based access controls to reduce the risk of unauthorized authenticated access. Finally, maintain an incident response plan to quickly restore deleted API keys and minimize disruption.
Affected Countries
United States, Germany, United Kingdom, Canada, France, Australia, Japan, South Korea, India, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T18:10:50.212Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69bcf624e32a4fbe5f3a7104
Added to database: 3/20/2026, 7:24:20 AM
Last enriched: 3/27/2026, 7:41:10 PM
Last updated: 5/3/2026, 3:16:44 AM