{
  "claim_outcome": "confirmed",
  "variant_kind": "alternate_trigger",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "authz_bypass",
  "observed_impact_class": "authz_bypass",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "victim flow UUID supplied as the `flow_id` value in POST /api/v2/workflows (Developer API) with the attacker's x-api-key; optional flat `inputs` inject a probe into the victim flow's ChatInput",
  "trigger_path": "POST /api/v2/workflows -> execute_workflow -> get_flow_by_id_or_endpoint_name(workflow_request.flow_id, api_key_user.id) -> UUID branch calls session.get(Flow, flow_id) without checking flow.user_id -> execute_sync_workflow runs the victim flow as the attacker and returns outputs",
  "end_to_end_target_reached": true,
  "variant_reproduced_on_vulnerable": true,
  "variant_blocked_on_fixed": true,
  "is_bypass": false,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": "fixed flow.py (commit b0afe3d2d6) adds flow.user_id != uuid_user_id -> None ownership check on the UUID branch; same /api/v2/workflows request returns 404 / 'flow does not exist' on the fixed code",
  "inferred": false,
  "notes": "variant=/api/v2/workflows; vuln_idor=true fixed_blocked=true"
}