{
  "parent_claim_id": "CVE-2026-55255",
  "parent_entrypoint": "POST /api/v1/responses (openai_responses.create_response) with {model: victim_flow_uuid}",
  "parent_sink": "langflow.helpers.flow.get_flow_by_id_or_endpoint_name (UUID branch: session.get(Flow, flow_id) without checking flow.user_id)",
  "variant_entrypoint": "POST /api/v2/workflows (api.v2.workflow.execute_workflow) with {flow_id: victim_flow_uuid, inputs: {...}} (Developer API, LANGFLOW_DEVELOPER_API_ENABLED=true)",
  "variant_sink": "same: langflow.helpers.flow.get_flow_by_id_or_endpoint_name (UUID branch)",
  "same_sink": true,
  "same_root_cause": true,
  "root_cause": "get_flow_by_id_or_endpoint_name performs session.get(Flow, flow_id) on the UUID branch without comparing flow.user_id to the caller-supplied user_id. Both the parent (/api/v1/responses -> create_response line 635) and this variant (/api/v2/workflows -> execute_workflow line 151) pass the authenticated api_key_user.id as the second argument, which the vulnerable UUID branch ignores.",
  "same_trust_boundary": true,
  "trust_boundary": "Authenticated (non-superuser) HTTP API caller (x-api-key) -> another tenant's flow. Both parent and variant cross the identical authenticated cross-tenant authorization boundary.",
  "same_impact_class": true,
  "impact_class": "authz_bypass (cross-tenant flow execution + output disclosure)",
  "differences": [
    "Different endpoint: POST /api/v2/workflows vs POST /api/v1/responses",
    "Different request body schema: WorkflowExecutionRequest {flow_id, inputs, background, stream} (extra='forbid') vs OpenAIResponsesRequest {model, input, stream, ...}",
    "Different response schema: WorkflowExecutionResponse {object:'response', status, outputs:{component_id:ComponentOutput}} vs OpenAI Responses format",
    "Different route guard: /api/v2/workflows requires check_developer_api_enabled (LANGFLOW_DEVELOPER_API_ENABLED=true, default false); /api/v1/responses has no such gate",
    "Both pass api_key_user.id explicitly to the helper; both are auto-closed by the same helper fix (b0afe3d2d6)"
  ],
  "fix_closes_variant": true,
  "fix_commit_sha": "b0afe3d2d6506f3d69aff83325d46f0ec481e02a",
  "is_bypass": false,
  "equivalence_confidence": "high",
  "evidence": {
    "vulnerable_reproduced": "bundle/vuln_variant/artifacts/variant_response_vuln.json (status=completed, attacker probe in outputs.ChatOutput-J6aor.content)",
    "fixed_blocked": "bundle/vuln_variant/artifacts/variant_response_fixed.json (http_status=404, code=FLOW_NOT_FOUND)"
  }
}
