{
  "variant_id": "pruva-cve-2026-10129-urlcomponent-redirect-ssrf",
  "created_at": "2026-07-05T09:47:15Z",
  "variant_summary": "Alternate same-root-cause redirect SSRF trigger through Langflow URLComponent: vulnerable lfx 0.4.6 validates the initial public URL then RecursiveUrlLoader follows a redirect to loopback; latest HEAD blocks the same redirect, so this is not a fixed-version bypass.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "langflow/langflow",
  "submitted_target": {
    "target_kind": "git_tag_and_installed_package",
    "commit_sha": "322e4908b931a3efe2d65c6a7ad5ec373c5a5e1d",
    "version": "langflow 1.9.3 / lfx 0.4.6",
    "ref": "v1.9.3",
    "display": "Langflow OSS 1.9.3 with installed lfx 0.4.6 from repro venv"
  },
  "variant_target": {
    "target_kind": "git_commit_overlay_and_installed_package",
    "commit_sha": "315cc41b43c446bfb0e63d420ca55021f6f8987e",
    "version": "repository HEAD tested via URLComponent overlay; installed lfx metadata remains 0.4.6",
    "ref": "origin/main HEAD",
    "display": "Fixed/latest URLComponent copied from repo HEAD into isolated PYTHONPATH overlay"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "medium",
  "claimed_surface": "api_remote API Request component redirect SSRF leading to privilege escalation",
  "validated_surface": "component_harness URLComponent redirect SSRF internal marker disclosure",
  "required_entrypoint_kind": "component_harness",
  "required_entrypoint_detail": "Invoke lfx.components.data_source.url.URLComponent.fetch_url_contents with urls containing a public redirector URL",
  "attacker_controlled_input": "URLComponent urls field: https://postman-echo.com/redirect-to?url=http%3A%2F%2F127.0.0.1%3A9998%2Fmarker",
  "trigger_path": "URLComponent.ensure_url validates initial URL -> URLComponent._create_loader creates RecursiveUrlLoader -> RecursiveUrlLoader.load/_get_child_links_recursive uses requests.get with automatic redirects -> loopback marker reached on vulnerable lfx 0.4.6",
  "observed_impact_class": "ssrf_internal_resource_disclosure",
  "exploitability_confidence": "high_on_vulnerable_blocked_on_fixed_latest",
  "evidence_scope": "component_harness",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "claim_block_reason": "not_a_bypass_of_latest_head",
  "blocking_mitigation": "Latest HEAD URLComponent has per-hop redirect SSRF revalidation and blocks redirect to 127.0.0.1.",
  "file_path": "src/lfx/src/lfx/components/data_source/url.py",
  "line_start": 579,
  "line_end": 684,
  "secondary_anchors": [
    {
      "file_path": "src/lfx/src/lfx/components/data_source/api_request.py",
      "line_start": 560,
      "line_end": 640
    },
    {
      "file_path": "src/lfx/src/lfx/utils/ssrf_protection.py",
      "line_start": 1,
      "line_end": 120
    }
  ],
  "review_scope_paths": [
    "src/lfx/src/lfx/components/data_source/api_request.py",
    "src/lfx/src/lfx/components/data_source/url.py",
    "src/lfx/src/lfx/utils/ssrf_protection.py",
    "src/lfx/src/lfx/utils/ssrf_httpx.py",
    "src/lfx/src/lfx/utils/ssrf_requests.py",
    "SECURITY.md"
  ],
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/reproduction_steps.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh",
      "bundle/vuln_variant/run_url_component.py",
      "bundle/vuln_variant/internal_marker.py"
    ]
  }
}
