Browse all 3 CVE security advisories affecting langfuse. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24055 | Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking — langfuseCWE-284 | 6.5AI | MediumAI | 2026-01-22 |
| CVE-2025-65107 | Langfuse SSO Account Takeover via CSRF or phishing attack — langfuseCWE-352 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-64504 | Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs — langfuseCWE-202 | 5.0 | Medium | 2025-11-10 |
This page lists every published CVE security advisory associated with langfuse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.