{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "POST /api/v1/build/{flow_id}/flow against running Langflow 1.9.3; low-privileged user executes API Request flow with follow_redirects=true and a public URL that 302-redirects to 127.0.0.1 internal admin token endpoint",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "langflow 1.9.3 langflow-base 0.9.3 lfx 0.4.6",
    "sqlite",
    "internal_admin(127.0.0.1:9999)",
    "postman-echo public redirector"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/langflow_server.log",
    "logs/internal_admin.log",
    "logs/attacker_register.json",
    "logs/exploit_summary.json",
    "logs/build_exploit.ndjson",
    "logs/direct_summary.json",
    "logs/build_direct.ndjson",
    "logs/fixed_harness.json",
    "logs/vuln_harness.json"
  ],
  "notes": "exploit_bypass=true privilege_escalation_observed=true lowpriv_admin_forbidden_before=true stolen_token_admin_api_ok=true direct_blocked=true fixed_blocked=true"
}