
Langflow EUVD-2026-16664

CVE-2026-5025 · MEDIUM
Missing Authorization (CWE-862)
2026-03-27 · vulnreport@tenable.com
CVSS 3.1 (NVD): 6.5

Severity by source

NVD (primary): 6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD; the only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 27, 2026 15:22 (euvd), EUVD-2026-16664
Analysis Generated: Mar 27, 2026 15:22 (vuln.today)
CVE Published: Mar 27, 2026 15:17 (nvd), MEDIUM 6.5

Description (CVE.org)

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').

Analysis (AI)

Log router endpoints in an authenticated application expose full application log buffers to any authenticated user without privilege-level authorization checks, allowing credential harvesting, sensitive data exfiltration, and reconnaissance. The vulnerability affects the '/logs' and '/logs-stream' endpoints which enforce only basic authentication ('get_current_active_user') rather than administrative privilege requirements, enabling authenticated attackers with low privileges to read complete application logs containing sensitive information. …


Vulnerability Assessment (AI)

Risk Assessment
The CVSS score of 6.5 (Medium severity) reflects confidentiality impact (C:H) with no integrity or availability impact, which aligns with log exposure scenarios. …

Exploit Scenario
An attacker gains valid login credentials for a standard user account (via phishing, credential stuffing, or insider access) and authenticates to the web application. The attacker then performs a simple HTTP GET request to 'https://target.app/logs' or streams logs via '/logs-stream', bypassing the missing authorization checks and immediately receiving the complete application log buffer. …

Remediation
The primary remediation is to implement role-based access control (RBAC) on the '/logs' and '/logs-stream' endpoints by adding authorization checks (e.g., 'is_superuser' or equivalent privilege validation) to the endpoint dependencies. …
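As an added illustration of the remediation described above (example code written for this page, not Langflow's own code nor part of the advisory), the authentication-only dependency beside a hardened variant that adds the privilege check, modelled in plain Python rather than a web framework. 'get_current_active_user' is the dependency named on the page; 'get_current_active_superuser', the 'User' and 'Forbidden' types, and the log lines are constructed assumptions for this example.

```python
from dataclasses import dataclass
from typing import Callable, Iterator, List


class Forbidden(Exception):
    """Stand-in for a framework's 403 response (constructed for this example)."""
    status_code = 403


@dataclass(frozen=True)
class User:
    username: str
    is_active: bool
    is_superuser: bool


# Constructed sample log buffer: the kind of content a log router returns.
LOG_BUFFER: List[str] = [
    "2026-03-27 15:17:01 INFO  server started",
    "2026-03-27 15:17:05 DEBUG token for svc-account loaded (constructed sample)",
]


def get_current_active_user(user: User) -> User:
    """Authentication only: rejects inactive accounts, checks no privilege level."""
    if not user.is_active:
        raise Forbidden("inactive user")
    return user


def get_current_active_superuser(user: User) -> User:
    """Authorization: reuses the authentication dependency, then requires is_superuser."""
    user = get_current_active_user(user)
    if not user.is_superuser:
        raise Forbidden("superuser privileges required")
    return user


def read_logs_vulnerable(user: User) -> List[str]:
    """'/logs' before the fix: any active account passes and receives the whole buffer."""
    get_current_active_user(user)
    return list(LOG_BUFFER)


def read_logs_fixed(user: User) -> List[str]:
    """'/logs' after the fix: the endpoint dependency now requires a superuser."""
    get_current_active_superuser(user)
    return list(LOG_BUFFER)


def stream_logs_fixed(user: User) -> Iterator[str]:
    """'/logs-stream' after the fix: the check runs eagerly, before any line is produced.
    (Placing it inside a generator body would defer it until the first line is pulled.)"""
    get_current_active_superuser(user)
    return (line for line in LOG_BUFFER)


def can_read(handler: Callable[[User], object], user: User) -> bool:
    """True when the handler admits the user, False when it raises Forbidden."""
    try:
        handler(user)
        return True
    except Forbidden:
        return False
```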

Recommended Action (AI)

Within 30 days: identify affected systems and apply vendor patches as part of the regular patch cycle. …


EUVD-2026-16664 vulnerability details – vuln.today
