CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an existing LLM connection to an attacker-controlled baseUrl, causing Langfuse to reuse the stored provider secret and redirect the test request to an attacker-controlled endpoint. This could expose the plaintext provider LLM API key for that connection. The attack is only possible if a user is already part of a project and has “member” scoped access. This issue has been patched in version 3.167.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.0%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2026-41487

Langfuse » Langfuse » Version: 3.100.0

cpe:2.3:a:langfuse:langfuse:3.100.0
Langfuse » Langfuse » Version: 3.101.0

cpe:2.3:a:langfuse:langfuse:3.101.0
Langfuse » Langfuse » Version: 3.102.0

cpe:2.3:a:langfuse:langfuse:3.102.0
Langfuse » Langfuse » Version: 3.103.0

cpe:2.3:a:langfuse:langfuse:3.103.0
Langfuse » Langfuse » Version: 3.104.0

cpe:2.3:a:langfuse:langfuse:3.104.0
Langfuse » Langfuse » Version: 3.105.0

cpe:2.3:a:langfuse:langfuse:3.105.0
Langfuse » Langfuse » Version: 3.106.0

cpe:2.3:a:langfuse:langfuse:3.106.0
Langfuse » Langfuse » Version: 3.106.1

cpe:2.3:a:langfuse:langfuse:3.106.1
Langfuse » Langfuse » Version: 3.106.2

cpe:2.3:a:langfuse:langfuse:3.106.2
Langfuse » Langfuse » Version: 3.106.3

cpe:2.3:a:langfuse:langfuse:3.106.3
Langfuse » Langfuse » Version: 3.106.4

cpe:2.3:a:langfuse:langfuse:3.106.4
Langfuse » Langfuse » Version: 3.107.0

cpe:2.3:a:langfuse:langfuse:3.107.0
Langfuse » Langfuse » Version: 3.108.0

cpe:2.3:a:langfuse:langfuse:3.108.0
Langfuse » Langfuse » Version: 3.109.0

cpe:2.3:a:langfuse:langfuse:3.109.0
Langfuse » Langfuse » Version: 3.110.0

cpe:2.3:a:langfuse:langfuse:3.110.0
Langfuse » Langfuse » Version: 3.111.0

cpe:2.3:a:langfuse:langfuse:3.111.0
Langfuse » Langfuse » Version: 3.112.0

cpe:2.3:a:langfuse:langfuse:3.112.0
Langfuse » Langfuse » Version: 3.113.0

cpe:2.3:a:langfuse:langfuse:3.113.0
Langfuse » Langfuse » Version: 3.114.0

cpe:2.3:a:langfuse:langfuse:3.114.0
Langfuse » Langfuse » Version: 3.115.0

cpe:2.3:a:langfuse:langfuse:3.115.0
Langfuse » Langfuse » Version: 3.116.0

cpe:2.3:a:langfuse:langfuse:3.116.0
Langfuse » Langfuse » Version: 3.116.1

cpe:2.3:a:langfuse:langfuse:3.116.1
Langfuse » Langfuse » Version: 3.117.0

cpe:2.3:a:langfuse:langfuse:3.117.0
Langfuse » Langfuse » Version: 3.117.1

cpe:2.3:a:langfuse:langfuse:3.117.1
Langfuse » Langfuse » Version: 3.117.2

cpe:2.3:a:langfuse:langfuse:3.117.2
Langfuse » Langfuse » Version: 3.118.0

cpe:2.3:a:langfuse:langfuse:3.118.0
Langfuse » Langfuse » Version: 3.119.0

cpe:2.3:a:langfuse:langfuse:3.119.0
Langfuse » Langfuse » Version: 3.119.1

cpe:2.3:a:langfuse:langfuse:3.119.1
Langfuse » Langfuse » Version: 3.120.0

cpe:2.3:a:langfuse:langfuse:3.120.0
Langfuse » Langfuse » Version: 3.121.0

cpe:2.3:a:langfuse:langfuse:3.121.0
Langfuse » Langfuse » Version: 3.122.0

cpe:2.3:a:langfuse:langfuse:3.122.0
Langfuse » Langfuse » Version: 3.122.1

cpe:2.3:a:langfuse:langfuse:3.122.1
Langfuse » Langfuse » Version: 3.122.2

cpe:2.3:a:langfuse:langfuse:3.122.2
Langfuse » Langfuse » Version: 3.123.0

cpe:2.3:a:langfuse:langfuse:3.123.0
Langfuse » Langfuse » Version: 3.123.1

cpe:2.3:a:langfuse:langfuse:3.123.1
Langfuse » Langfuse » Version: 3.124.0

cpe:2.3:a:langfuse:langfuse:3.124.0
Langfuse » Langfuse » Version: 3.124.1

cpe:2.3:a:langfuse:langfuse:3.124.1
Langfuse » Langfuse » Version: 3.125.0

cpe:2.3:a:langfuse:langfuse:3.125.0
Langfuse » Langfuse » Version: 3.126.0

cpe:2.3:a:langfuse:langfuse:3.126.0
Langfuse » Langfuse » Version: 3.126.1

cpe:2.3:a:langfuse:langfuse:3.126.1
Langfuse » Langfuse » Version: 3.127.0

cpe:2.3:a:langfuse:langfuse:3.127.0
Langfuse » Langfuse » Version: 3.128.0

cpe:2.3:a:langfuse:langfuse:3.128.0
Langfuse » Langfuse » Version: 3.129.0

cpe:2.3:a:langfuse:langfuse:3.129.0
Langfuse » Langfuse » Version: 3.130.0

cpe:2.3:a:langfuse:langfuse:3.130.0
Langfuse » Langfuse » Version: 3.131.0

cpe:2.3:a:langfuse:langfuse:3.131.0
Langfuse » Langfuse » Version: 3.132.0

cpe:2.3:a:langfuse:langfuse:3.132.0
Langfuse » Langfuse » Version: 3.133.0

cpe:2.3:a:langfuse:langfuse:3.133.0
Langfuse » Langfuse » Version: 3.134.0

cpe:2.3:a:langfuse:langfuse:3.134.0
Langfuse » Langfuse » Version: 3.135.0

cpe:2.3:a:langfuse:langfuse:3.135.0
Langfuse » Langfuse » Version: 3.135.1

cpe:2.3:a:langfuse:langfuse:3.135.1
Langfuse » Langfuse » Version: 3.136.0

cpe:2.3:a:langfuse:langfuse:3.136.0
Langfuse » Langfuse » Version: 3.137.0

cpe:2.3:a:langfuse:langfuse:3.137.0
Langfuse » Langfuse » Version: 3.138.0

cpe:2.3:a:langfuse:langfuse:3.138.0
Langfuse » Langfuse » Version: 3.139.0

cpe:2.3:a:langfuse:langfuse:3.139.0
Langfuse » Langfuse » Version: 3.140.0

cpe:2.3:a:langfuse:langfuse:3.140.0
Langfuse » Langfuse » Version: 3.141.0

cpe:2.3:a:langfuse:langfuse:3.141.0
Langfuse » Langfuse » Version: 3.142.0

cpe:2.3:a:langfuse:langfuse:3.142.0
Langfuse » Langfuse » Version: 3.143.0

cpe:2.3:a:langfuse:langfuse:3.143.0
Langfuse » Langfuse » Version: 3.144.0

cpe:2.3:a:langfuse:langfuse:3.144.0
Langfuse » Langfuse » Version: 3.145.0

cpe:2.3:a:langfuse:langfuse:3.145.0
Langfuse » Langfuse » Version: 3.146.0

cpe:2.3:a:langfuse:langfuse:3.146.0
Langfuse » Langfuse » Version: 3.147.0

cpe:2.3:a:langfuse:langfuse:3.147.0
Langfuse » Langfuse » Version: 3.148.0

cpe:2.3:a:langfuse:langfuse:3.148.0
Langfuse » Langfuse » Version: 3.149.0

cpe:2.3:a:langfuse:langfuse:3.149.0
Langfuse » Langfuse » Version: 3.150.0

cpe:2.3:a:langfuse:langfuse:3.150.0
Langfuse » Langfuse » Version: 3.150.1-0

cpe:2.3:a:langfuse:langfuse:3.150.1-0
Langfuse » Langfuse » Version: 3.151.0

cpe:2.3:a:langfuse:langfuse:3.151.0
Langfuse » Langfuse » Version: 3.152.0

cpe:2.3:a:langfuse:langfuse:3.152.0
Langfuse » Langfuse » Version: 3.153.0

cpe:2.3:a:langfuse:langfuse:3.153.0
Langfuse » Langfuse » Version: 3.154.0

cpe:2.3:a:langfuse:langfuse:3.154.0
Langfuse » Langfuse » Version: 3.154.1

cpe:2.3:a:langfuse:langfuse:3.154.1
Langfuse » Langfuse » Version: 3.155.0

cpe:2.3:a:langfuse:langfuse:3.155.0
Langfuse » Langfuse » Version: 3.155.1

cpe:2.3:a:langfuse:langfuse:3.155.1
Langfuse » Langfuse » Version: 3.156.0

cpe:2.3:a:langfuse:langfuse:3.156.0
Langfuse » Langfuse » Version: 3.157.0

cpe:2.3:a:langfuse:langfuse:3.157.0
Langfuse » Langfuse » Version: 3.158.0

cpe:2.3:a:langfuse:langfuse:3.158.0
Langfuse » Langfuse » Version: 3.159.0

cpe:2.3:a:langfuse:langfuse:3.159.0
Langfuse » Langfuse » Version: 3.160.0

cpe:2.3:a:langfuse:langfuse:3.160.0
Langfuse » Langfuse » Version: 3.161.0

cpe:2.3:a:langfuse:langfuse:3.161.0
Langfuse » Langfuse » Version: 3.162.0

cpe:2.3:a:langfuse:langfuse:3.162.0
Langfuse » Langfuse » Version: 3.163.0

cpe:2.3:a:langfuse:langfuse:3.163.0
Langfuse » Langfuse » Version: 3.164.0

cpe:2.3:a:langfuse:langfuse:3.164.0
Langfuse » Langfuse » Version: 3.165.0

cpe:2.3:a:langfuse:langfuse:3.165.0
Langfuse » Langfuse » Version: 3.166.0

cpe:2.3:a:langfuse:langfuse:3.166.0
Langfuse » Langfuse » Version: 3.68.0

cpe:2.3:a:langfuse:langfuse:3.68.0
Langfuse » Langfuse » Version: 3.69.0

cpe:2.3:a:langfuse:langfuse:3.69.0
Langfuse » Langfuse » Version: 3.70.0

cpe:2.3:a:langfuse:langfuse:3.70.0
Langfuse » Langfuse » Version: 3.71.0

cpe:2.3:a:langfuse:langfuse:3.71.0
Langfuse » Langfuse » Version: 3.72.0

cpe:2.3:a:langfuse:langfuse:3.72.0
Langfuse » Langfuse » Version: 3.72.1

cpe:2.3:a:langfuse:langfuse:3.72.1
Langfuse » Langfuse » Version: 3.72.2-0

cpe:2.3:a:langfuse:langfuse:3.72.2-0
Langfuse » Langfuse » Version: 3.72.2-1

cpe:2.3:a:langfuse:langfuse:3.72.2-1
Langfuse » Langfuse » Version: 3.73.0

cpe:2.3:a:langfuse:langfuse:3.73.0
Langfuse » Langfuse » Version: 3.73.1

cpe:2.3:a:langfuse:langfuse:3.73.1
Langfuse » Langfuse » Version: 3.74.0

cpe:2.3:a:langfuse:langfuse:3.74.0
Langfuse » Langfuse » Version: 3.75.0

cpe:2.3:a:langfuse:langfuse:3.75.0
Langfuse » Langfuse » Version: 3.75.1

cpe:2.3:a:langfuse:langfuse:3.75.1
Langfuse » Langfuse » Version: 3.75.2

cpe:2.3:a:langfuse:langfuse:3.75.2
Langfuse » Langfuse » Version: 3.75.3

cpe:2.3:a:langfuse:langfuse:3.75.3
Langfuse » Langfuse » Version: 3.75.4

cpe:2.3:a:langfuse:langfuse:3.75.4
Langfuse » Langfuse » Version: 3.76.0

cpe:2.3:a:langfuse:langfuse:3.76.0
Langfuse » Langfuse » Version: 3.77.0

cpe:2.3:a:langfuse:langfuse:3.77.0
Langfuse » Langfuse » Version: 3.78.0

cpe:2.3:a:langfuse:langfuse:3.78.0
Langfuse » Langfuse » Version: 3.78.1

cpe:2.3:a:langfuse:langfuse:3.78.1
Langfuse » Langfuse » Version: 3.78.2

cpe:2.3:a:langfuse:langfuse:3.78.2
Langfuse » Langfuse » Version: 3.79.0

cpe:2.3:a:langfuse:langfuse:3.79.0
Langfuse » Langfuse » Version: 3.79.1

cpe:2.3:a:langfuse:langfuse:3.79.1
Langfuse » Langfuse » Version: 3.80.0

cpe:2.3:a:langfuse:langfuse:3.80.0
Langfuse » Langfuse » Version: 3.80.1

cpe:2.3:a:langfuse:langfuse:3.80.1
Langfuse » Langfuse » Version: 3.81.0

cpe:2.3:a:langfuse:langfuse:3.81.0
Langfuse » Langfuse » Version: 3.81.1

cpe:2.3:a:langfuse:langfuse:3.81.1
Langfuse » Langfuse » Version: 3.82.0

cpe:2.3:a:langfuse:langfuse:3.82.0
Langfuse » Langfuse » Version: 3.83.0

cpe:2.3:a:langfuse:langfuse:3.83.0
Langfuse » Langfuse » Version: 3.84.0

cpe:2.3:a:langfuse:langfuse:3.84.0
Langfuse » Langfuse » Version: 3.85.0

cpe:2.3:a:langfuse:langfuse:3.85.0
Langfuse » Langfuse » Version: 3.85.1

cpe:2.3:a:langfuse:langfuse:3.85.1
Langfuse » Langfuse » Version: 3.85.2

cpe:2.3:a:langfuse:langfuse:3.85.2
Langfuse » Langfuse » Version: 3.86.0

cpe:2.3:a:langfuse:langfuse:3.86.0
Langfuse » Langfuse » Version: 3.86.1

cpe:2.3:a:langfuse:langfuse:3.86.1
Langfuse » Langfuse » Version: 3.87.0

cpe:2.3:a:langfuse:langfuse:3.87.0
Langfuse » Langfuse » Version: 3.87.1

cpe:2.3:a:langfuse:langfuse:3.87.1
Langfuse » Langfuse » Version: 3.88.0

cpe:2.3:a:langfuse:langfuse:3.88.0
Langfuse » Langfuse » Version: 3.88.1

cpe:2.3:a:langfuse:langfuse:3.88.1
Langfuse » Langfuse » Version: 3.89.0

cpe:2.3:a:langfuse:langfuse:3.89.0
Langfuse » Langfuse » Version: 3.90.0

cpe:2.3:a:langfuse:langfuse:3.90.0
Langfuse » Langfuse » Version: 3.91.0

cpe:2.3:a:langfuse:langfuse:3.91.0
Langfuse » Langfuse » Version: 3.92.0

cpe:2.3:a:langfuse:langfuse:3.92.0
Langfuse » Langfuse » Version: 3.92.1

cpe:2.3:a:langfuse:langfuse:3.92.1
Langfuse » Langfuse » Version: 3.93.0

cpe:2.3:a:langfuse:langfuse:3.93.0
Langfuse » Langfuse » Version: 3.94.0

cpe:2.3:a:langfuse:langfuse:3.94.0
Langfuse » Langfuse » Version: 3.95.0

cpe:2.3:a:langfuse:langfuse:3.95.0
Langfuse » Langfuse » Version: 3.95.1

cpe:2.3:a:langfuse:langfuse:3.95.1
Langfuse » Langfuse » Version: 3.95.2

cpe:2.3:a:langfuse:langfuse:3.95.2
Langfuse » Langfuse » Version: 3.96.0

cpe:2.3:a:langfuse:langfuse:3.96.0
Langfuse » Langfuse » Version: 3.96.1

cpe:2.3:a:langfuse:langfuse:3.96.1
Langfuse » Langfuse » Version: 3.96.2

cpe:2.3:a:langfuse:langfuse:3.96.2
Langfuse » Langfuse » Version: 3.97.0

cpe:2.3:a:langfuse:langfuse:3.97.0
Langfuse » Langfuse » Version: 3.97.1

cpe:2.3:a:langfuse:langfuse:3.97.1
Langfuse » Langfuse » Version: 3.97.2

cpe:2.3:a:langfuse:langfuse:3.97.2
Langfuse » Langfuse » Version: 3.97.3

cpe:2.3:a:langfuse:langfuse:3.97.3
Langfuse » Langfuse » Version: 3.97.4

cpe:2.3:a:langfuse:langfuse:3.97.4
Langfuse » Langfuse » Version: 3.97.5

cpe:2.3:a:langfuse:langfuse:3.97.5
Langfuse » Langfuse » Version: 3.98.0

cpe:2.3:a:langfuse:langfuse:3.98.0
Langfuse » Langfuse » Version: 3.98.1

cpe:2.3:a:langfuse:langfuse:3.98.1
Langfuse » Langfuse » Version: 3.98.2

cpe:2.3:a:langfuse:langfuse:3.98.2
Langfuse » Langfuse » Version: 3.99.0

cpe:2.3:a:langfuse:langfuse:3.99.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41487

Products

Pricing

Contact Us