Impact
The vulnerability originates in the delete_api_key_route() endpoint in Langflow, which accepts an api_key_id parameter but performs only a generic authentication check. The underlying delete_api_key() function then deletes the key without confirming that it belongs to the requesting user. As a result, any authenticated user can delete any API key in the system, revoking other users' access and disrupting applications that rely on those keys. This is an instance of CWE-639, "Authorization Bypass Through User-Controlled Key": the key identifier supplied by the client is used directly as the lookup, with no check that the authenticated principal owns the referenced object. The effect is a loss of availability for services tied to the deleted keys.
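To make the missing check concrete, the following is an added illustration, not Langflow's own code: an in-memory model of an API-key store with a delete function that mirrors the flaw (authenticated caller, no ownership check) beside a hardened version that scopes the lookup to the caller. The store, function and exception names are assumptions made for the example; the only thing taken from the advisory is the shape of the bug.

```python
"""Illustrative model of an API-key delete endpoint missing an ownership
check (CWE-639), beside a hardened version.

Added example, not Langflow's code: KeyStore, ApiKeyNotFound and the
function names are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from uuid import UUID, uuid4


class ApiKeyNotFound(Exception):
    """Raised when the requested key cannot be deleted by this caller."""


@dataclass
class ApiKey:
    id: UUID
    user_id: UUID
    name: str


@dataclass
class KeyStore:
    """In-memory stand-in for the database table of API keys."""
    keys: dict[UUID, ApiKey] = field(default_factory=dict)

    def create(self, user_id: UUID, name: str) -> ApiKey:
        key = ApiKey(id=uuid4(), user_id=user_id, name=name)
        self.keys[key.id] = key
        return key


def delete_api_key_vulnerable(store: KeyStore, current_user_id: UUID,
                              api_key_id: UUID) -> None:
    """Mirrors the flaw: the caller is authenticated (current_user_id is
    known) but the key is removed without checking who owns it."""
    if api_key_id not in store.keys:
        raise ApiKeyNotFound("api key not found")
    del store.keys[api_key_id]


def delete_api_key_fixed(store: KeyStore, current_user_id: UUID,
                         api_key_id: UUID) -> None:
    """Hardened form: the lookup is scoped to the caller. A key owned by
    someone else is treated exactly like a missing key, so the endpoint
    also does not reveal whether another user's key id exists."""
    key = store.keys.get(api_key_id)
    if key is None or key.user_id != current_user_id:
        raise ApiKeyNotFound("api key not found")
    del store.keys[api_key_id]


def demo() -> dict[str, bool]:
    """Two users; Mallory tries to delete Alice's key through both versions."""
    store = KeyStore()
    alice, mallory = uuid4(), uuid4()
    alice_key = store.create(alice, "alice-prod")
    store.create(mallory, "mallory-dev")
    results: dict[str, bool] = {}

    # Vulnerable path: Mallory's request succeeds and Alice's key is gone.
    delete_api_key_vulnerable(store, mallory, alice_key.id)
    results["vulnerable_deleted_other_users_key"] = alice_key.id not in store.keys

    # Re-create Alice's key and repeat the attempt against the fixed path.
    alice_key = store.create(alice, "alice-prod")
    try:
        delete_api_key_fixed(store, mallory, alice_key.id)
        results["fixed_blocked_cross_user_delete"] = False
    except ApiKeyNotFound:
        results["fixed_blocked_cross_user_delete"] = alice_key.id in store.keys

    # The owner can still delete her own key through the fixed path.
    delete_api_key_fixed(store, alice, alice_key.id)
    results["fixed_allows_owner_delete"] = alice_key.id not in store.keys
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the ownership condition belongs in the same lookup that fetches the row (in SQL terms, `WHERE id = :api_key_id AND user_id = :current_user`), not as a separate check after an unscoped fetch; returning the same "not found" error for both the missing and the foreign-owned case also keeps the endpoint from acting as an oracle for other users' key ids.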
Affected Systems
Langflow-ai's Langflow product in versions prior to 1.9.0 is affected: every release before 1.9.0 that exposes the delete_api_key_route() endpoint without the ownership check is vulnerable. Version 1.9.0 contains the fix, and users on 1.9.0 or later are not affected by this issue.
Risk and Exploitability
With a CVSS score of 6.1, the vulnerability is classified as moderate severity. The EPSS score is below 1 %, indicating a low estimated probability of exploitation in the wild, and the vulnerability is not listed in CISA's KEV catalog. An attacker must first authenticate to the application, but once logged in they only need to send a request to the delete endpoint with another user's api_key_id value, so the attack is trivial for any legitimate user or for anyone who has obtained valid credentials. No ownership verification stands between the authenticated caller and the deletion, which removes a critical access-control check and makes both accidental and intentional service disruption more likely.
OpenCVE Enrichment
GitHub GHSA