The vulnerability arises from a missing authorization check on the GET /api/v1/stable/dags/tasks endpoint in Hatchet. An authenticated user from any tenant can supply another tenant’s UUID and a DAG UUID belonging to that tenant to retrieve task metadata for that DAG. The result is a breach of confidentiality, exposing internal details of workflows to unauthorized users. The flaw is a classic omission of an authorization directive (CWE‑639) combined with improper tenant isolation (CWE‑863). The impact is limited to data disclosure and does not involve code execution or service disruption.

The flaw affects all Hatchet deployments that run a version older than 0.83.39. The product, developed by hatchet‑dev, is an orchestration platform for background tasks, AI agents, and durable workflows. Instances that support multiple tenants and expose the stable API are vulnerable. No other components or variants are mentioned in the advisory.

The CVSS score of 5.3 places the issue in the medium severity range. Exploitability requires only authenticated access to the Hatchet instance; no additional privileges or launch conditions are required. The EPSS score is not available, so the current probability of exploitation is unknown, but the missing authorization is a straightforward vector that could be abused with simple API requests. The vulnerability is not listed in the CISA KEV catalog, indicating no known public exploits at the time of disclosure. Nonetheless, the potential for cross‑tenant data leakage warrants prompt remediation, particularly in multi‑tenant environments.