CVE-2026-24055

5.3 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to bind their Slack workspace to any Langfuse project via the Slack OAuth endpoint. This could enable unauthorized access to prompt management changes and potentially replace existing Slack integrations. All Langfuse deployments running versions 3.146.0 or below are affected.

💻 Affected Systems

Products:
  • Langfuse
Versions: 3.146.0 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with Slack integration enabled or accessible via the vulnerable endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains unauthorized access to sensitive prompt management data and replaces legitimate Slack integrations, potentially intercepting or manipulating AI prompt notifications.

🟠 Likely Case

Unauthorized Slack workspace binding to projects, potentially disrupting legitimate Slack automation workflows.

🟢 If Mitigated

Limited impact if proper network segmentation and monitoring are in place, though unauthorized access attempts may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires basic understanding of OAuth flows but no authentication to Langfuse.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.147.0

Vendor Advisory: https://github.com/langfuse/langfuse/security/advisories/GHSA-pvq7-vvfj-p98x

Restart Required: Yes

Instructions:

1. Update Langfuse to version 3.147.0 or higher.
2. Restart the Langfuse service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable Slack Integration Endpoint (all platforms)

Block access to the vulnerable /api/public/slack/install endpoint:

# Add to web server config (nginx example):
location /api/public/slack/install { deny all; }

🧯 If You Can't Patch

  • Implement network-level access controls to restrict access to the /api/public/slack/install endpoint
  • Monitor logs for unauthorized access attempts to Slack OAuth endpoints

🔍 How to Verify

Check if Vulnerable:

Check the Langfuse version via the admin interface or API. If the version is ≤ 3.146.0, the system is vulnerable.

Check Version:

curl -s http://localhost:3000/api/public/health | grep version

Verify Fix Applied:

Confirm version is ≥ 3.147.0 and test that unauthorized projectId binding is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /api/public/slack/install
  • OAuth callbacks with unexpected projectId values

Network Indicators:

  • Unusual traffic patterns to Slack OAuth endpoints
  • Multiple failed OAuth authorization attempts

SIEM Query:

source="langfuse" AND (url_path="/api/public/slack/install" OR message="Slack OAuth")
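The log indicators above can be turned into a simple triage script. The following is an added example, not part of this advisory or of Langfuse: it scans combined-format access-log lines (constructed samples below) for requests under /api/public/slack/ and flags any whose projectId is missing or not in a hypothetical allowlist of projects that legitimately use the Slack integration. The install path comes from the advisory; the callback path and the allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in combined-log style; they are NOT real
# Langfuse output, and the /api/public/slack/oauth/callback path is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2026:10:01:02 +0000] "GET /api/public/slack/install?projectId=proj-abc123 HTTP/1.1" 302 0
198.51.100.7 - - [12/Jan/2026:10:05:44 +0000] "GET /api/public/slack/install?projectId=proj-zzz999 HTTP/1.1" 302 0
10.0.0.5 - - [12/Jan/2026:10:06:10 +0000] "GET /api/public/slack/oauth/callback?code=x&projectId=proj-abc123 HTTP/1.1" 200 0
203.0.113.9 - - [12/Jan/2026:10:07:00 +0000] "GET /api/public/slack/oauth/callback?code=y&projectId=proj-zzz999 HTTP/1.1" 200 0
10.0.0.8 - - [12/Jan/2026:10:08:00 +0000] "GET /api/public/health HTTP/1.1" 200 0
"""

# Projects that legitimately use the Slack integration (hypothetical allowlist).
KNOWN_PROJECTS = {"proj-abc123"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SLACK_PREFIX = "/api/public/slack/"  # covers install and (assumed) callback paths


def find_suspicious(log_text, known_projects):
    """Return (ip, method, path, projectId, reason) tuples for Slack OAuth requests
    that reference a projectId outside the allowlist or carry none at all."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        parts = urlsplit(m["target"])
        if not parts.path.startswith(SLACK_PREFIX):
            continue  # only Slack OAuth endpoints are of interest here
        project = parse_qs(parts.query).get("projectId", [None])[0]
        if project is None:
            reason = "no projectId supplied"
        elif project not in known_projects:
            reason = "projectId not in allowlist"
        else:
            continue  # expected binding for a known project
        hits.append((m["ip"], m["method"], parts.path, project, reason))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, KNOWN_PROJECTS):
        print("ALERT", *hit)
```

On the sample input the two requests from 198.51.100.7 and 203.0.113.9 are flagged because proj-zzz999 is not an allowlisted project; feed the script your real access log and project list to get the same triage over live data.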
