Skip to content

Fix API key cross-account access vulnerability #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
balaraj74 merged 1 commit into from
Oct 9, 2025
Merged

Fix API key cross-account access vulnerability #1

balaraj74 merged 1 commit into from
Oct 9, 2025

Conversation

@balaraj74
Copy link
Owner

@balaraj74 balaraj74 commented Oct 9, 2025

What's the problem?

This PR fixes a security issue reported in langflow-ai#10202 where one user's API key could be used to run another user's flows. Basically, the system wasn't checking that you actually owned the flow before letting you execute it with your API key.

How did this happen?

The problem was in the flow lookup function. When someone tried to access a flow by its ID (like abc-123-def), the code would find the flow but skip the ownership check. It only verified ownership when flows were accessed by their custom endpoint names, which isn't how most people use it.

Here's what was happening:

  • User A creates an API key for their account
  • User B creates a private flow with ID xyz-789
  • User A could use their API key to execute User B's flow
  • No error, no warning - it just worked (when it shouldn't!)

What changed?

I updated the flow lookup function to always check that the authenticated user owns the flow, regardless of whether you're looking it up by ID or by name. Now the system properly enforces account isolation.

Files modified:

  • src/backend/base/langflow/helpers/flow.py - Added user ownership validation
  • src/backend/base/langflow/api/v1/endpoints.py - Updated endpoints to pass user info
  • src/backend/tests/unit/test_api_key_cross_account_security.py - New tests to prevent regression

How was it tested?

I added three test cases that cover:

  1. Cross-account blocking - Verify that User A's API key can't run User B's flow (returns 404)
  2. Same-account access - Verify that users can still run their own flows normally
  3. Flow retrieval - Verify that users can't even retrieve flow details from other accounts

All tests pass, and the existing test suite still works fine.

Does this break anything?

No breaking changes. If you're using your API key to run your own flows, everything works exactly the same. You just can't run someone else's flows anymore (which you shouldn't have been able to do anyway).

Why 404 instead of 403?

When a user tries to access a flow they don't own, we return 404 (Not Found) instead of 403 (Forbidden). This prevents information leakage - attackers can't use this to figure out which flow IDs exist in the system.

What about performance?

Minimal impact. We're just adding one extra condition to an existing database query. The query was already filtering by flow ID, now it also filters by user ID.

Can this be deployed safely?

Yes. The fix is isolated to the flow access logic and maintains backward compatibility. I'd recommend:

  1. Deploy to a staging environment first
  2. Test with a few real API keys and flows
  3. Monitor the logs after production deployment

Security note

This is a high-severity issue since it allows unauthorized access to other users' data. Once deployed, you might want to review logs for any suspicious cross-account access attempts that may have occurred before the fix.

Closes langflow-ai#10202

@balaraj74
Fix API key cross-account access vulnerability
1ee3bde 
Previously, API keys from one user account could be used to execute flows
owned by other users. This happened because the flow retrieval function
only validated user ownership when looking up flows by endpoint name, but
not when using flow UUIDs.

This commit adds user ownership validation for UUID-based flow lookups by
checking the user_id in the database query. Now when a flow is retrieved
by ID, it also verifies that the requesting user owns that flow.

Additionally, updated the flow execution endpoints to pass the API key
user's ID through to the flow retrieval function. Returns 404 for both
non-existent flows and unauthorized access attempts to avoid leaking
information about which flows exist.

Added comprehensive test coverage including:
- Tests verifying cross-account access is properly blocked
- Tests confirming legitimate same-account access still works
- Tests for both simplified and webhook execution endpoints

Fixes langflow-ai#10202
@balaraj74 balaraj74 merged commit f89c145 into main Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Token Issue

2 participants

@balaraj74