Vulnerability Details CVE-2026-5025
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.2%
CVSS Severity
CVSS v3 Score 6.5