All 4 CVE vulnerabilities found in langfuse, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24055 | Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking CWE-284 | 6.5AI | MediumAI | 2026-01-22 |
| CVE-2025-65107 | Langfuse SSO Account Takeover via CSRF or phishing attack CWE-352 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-64504 | Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs CWE-202 | 5.0 | Medium | 2025-11-10 |
| CVE-2025-9799 | Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery CWE-918 | 5.0 | Medium | 2025-09-01 |
All 4 known CVE vulnerabilities affecting langfuse with full Chinese analysis, references, and POCs where available.