{"data":{"id":"d5ad63ce-f5f2-4b75-9d39-4967ea172bab","title":"GHSA-9h64-2846-7x7f: Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening","summary":"AxonFlow platform versions before 7.5.0 contained eight security bugs related to multi-tenant isolation (the separation of data between different organizations sharing the same system), access control, and policy enforcement. These bugs could allow one tenant to access another tenant's audit logs, or allow an attacker to bypass authentication on customer onboarding, enumerate organizations, exhaust memory, or perform SQL injection (inserting malicious database commands). All eight issues are addressed together in the v7.5.0 release.","solution":"Upgrade to AxonFlow platform v7.5.0 or later; no configuration changes are required. For users unable to upgrade immediately, the source advisory provides specific mitigations (item numbers refer to the eight issues as listed in that advisory): for items 1-5, ensure the agent middleware sets `X-Org-ID` / `X-Tenant-ID` from the authenticated identity at the ingress and never accepts an identity supplied in the request body; for item 8 (Community SaaS only), set `SQLI_ACTION=block` explicitly via the agent task definition (v7.5.0 makes this the default).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-9h64-2846-7x7f","publishedAt":"2026-05-06T23:13:27.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/getaxonflow/axonflow@< 7.5.0 (fixed: 7.5.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["AxonFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-05-06T23:13:27.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}