Langflow is a platform designed to build and deploy AI-powered agents and workflows, widely used in AI development environments. In versions before 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id parameter to specify which API key to delete. While this endpoint requires the user to be authenticated (via get_current_active_user dependency), it lacks a critical authorization check to verify that the API key targeted for deletion actually belongs to the authenticated user. The underlying CRUD function, delete_api_key(), does not enforce ownership validation, allowing an authenticated user to delete API keys belonging to other users by supplying arbitrary api_key_id values. This vulnerability is classified under CWE-639, which involves authorization bypass through user-controlled keys or identifiers. The CVSS 4.0 vector indicates the attack can be performed remotely over the network (AV:N), with low complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The impact on confidentiality and availability is high (VI:H, VA:H), as unauthorized deletion of API keys can disrupt legitimate access and potentially enable further unauthorized actions if keys are reused or shared. No patches are linked yet, and no exploits are known in the wild, but the vulnerability poses a significant risk to environments relying on langflow for AI workflow management.

The vulnerability allows authenticated users to delete API keys belonging to other users without proper authorization checks. This can lead to denial of service for legitimate users who lose access to their API keys, disrupting AI workflows and automation dependent on those keys. Additionally, malicious actors could target high-value API keys to cause operational outages or attempt to manipulate access controls indirectly. In multi-tenant or collaborative environments, this flaw could facilitate privilege escalation or lateral movement by removing keys that enforce access boundaries. Organizations relying on langflow for critical AI operations may face service interruptions, increased operational overhead to recover lost keys, and potential exposure to further attacks if API key management is compromised. The medium CVSS score reflects moderate ease of exploitation and significant impact on availability and integrity, though confidentiality impact is limited to indirect effects.

Organizations should upgrade langflow to version 1.9.0 or later where this vulnerability is fixed by enforcing ownership verification before API key deletion. Until an upgrade is possible, implement compensating controls such as restricting access to the delete_api_key_route() endpoint to highly trusted users only, monitoring API key deletion logs for suspicious activity, and enforcing strict API key management policies. Additionally, consider implementing network-level access controls and multi-factor authentication to reduce the risk of unauthorized authenticated access. Developers should review and enhance authorization logic in all CRUD operations involving sensitive resources to ensure ownership validation. Regular security audits and penetration testing focused on authorization checks can help detect similar flaws. Finally, maintain an inventory of API keys and their owners to quickly identify and recover from unauthorized deletions.