CVE-2026-0650
📋 TL;DR
OpenFlagr versions up to 1.1.18 contain an authentication bypass vulnerability in HTTP middleware. Attackers can craft requests to bypass authentication and access protected API endpoints without credentials, potentially modifying feature flags and exporting sensitive data. Organizations using OpenFlagr versions ≤1.1.18 are affected.
💻 Affected Systems
- OpenFlagr
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of feature flag management system allowing attackers to modify all flags, export sensitive configuration data, and potentially pivot to other systems.
Likely Case
Unauthorized access to protected API endpoints leading to modification of feature flags, exposure of sensitive configuration data, and potential service disruption.
If Mitigated
Limited impact if proper network segmentation, API gateway controls, and monitoring are in place to detect anomalous requests.
🎯 Exploit Status
Exploitation requires crafting HTTP requests with specific path manipulation techniques to bypass whitelist checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.19
Vendor Advisory: https://github.com/openflagr/flagr/releases/tag/1.1.19
Restart Required: Yes
Instructions:
1. Download OpenFlagr version 1.1.19 from GitHub releases. 2. Replace existing OpenFlagr binary with the patched version. 3. Restart the OpenFlagr service. 4. Verify the version is now 1.1.19.
🔧 Temporary Workarounds
API Gateway Authentication
allImplement authentication at the API gateway level before requests reach OpenFlagr
Network Segmentation
allRestrict network access to OpenFlagr API endpoints to trusted sources only
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can reach OpenFlagr API endpoints
- Deploy a web application firewall (WAF) with rules to detect and block path manipulation attempts
🔍 How to Verify
Check if Vulnerable:
Check if OpenFlagr version is ≤1.1.18 by examining the service version or deployment manifestCheck Version:
./flagr version (or check deployment configuration for version)Verify Fix Applied:
Confirm OpenFlagr version is 1.1.19 or later and test that authentication is required for protected endpoints📡 Detection & Monitoring
Log Indicators:
- HTTP requests to protected endpoints without authentication headers
- Unusual path patterns with extra slashes or path manipulation
Network Indicators:
- HTTP requests to /api/v1/* endpoints without proper authentication
- Requests with crafted paths attempting to bypass authentication
SIEM Query:
source="openflagr" AND (path="/api/v1/*" AND NOT auth_token=*) OR (path CONTAINS "//" OR path CONTAINS "/./")