Skip to content

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Critical severity GitHub Reviewed Published Apr 29, 2026 in getaxonflow/axonflow • Updated May 6, 2026

Package

gomod github.com/getaxonflow/axonflow (Go)

Affected versions

< 7.5.0

Patched versions

7.5.0

Description

Summary

Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a single platform upgrade.

Affected versions

< 7.5.0. Specific items affect different earlier minors; see Impact below.

Patched versions

>= 7.5.0.

Impact

# Item Affected Patched CWE
1 MAP execution multi-tenant isolation. A body-supplied org_id could override the Basic-auth-derived org for both execution recording and policy evaluation. In multi-tenant deployments with shared agents, this could record one tenant's request under another tenant's audit log and evaluate it under the wrong tenant's policy set. < 7.4.5 >= 7.4.5 CWE-863
2 Cross-tenant audit-log leak via evidence/explain handlers. The handlers behind /api/v1/evidence/* and /api/v1/decisions/*/explain failed open when the tenant context was missing, returning data scoped to a different tenant or returning data without scope. < 7.2.0 >= 7.2.0 CWE-200, CWE-863
3 License-validation bypass on onboard-customer. The portal customer-onboard endpoint lacked authentication and license-key validation, allowing unauthenticated callers to invoke the onboard flow. < 7.2.0 >= 7.2.0 CWE-862
4 Tenant-scope fail-open on evidence/explain. Distinct from item 2: when tenant headers were absent, the handler defaulted to a permissive read scope rather than refusing the request. < 7.2.0 >= 7.2.0 CWE-862
5 Internal-service auth fallback bypass in non-Community modes. Evaluation/Enterprise builds carried an auth fallback path that, under specific request shapes, could be exploited to bypass apiAuthMiddleware. < 7.2.0 >= 7.2.0 CWE-863
6 Login timing / org-existence disclosure on the portal. The login handler returned different timing and response bodies for invalid-org vs invalid-password, allowing org enumeration. < 7.1.3 >= 7.1.3 CWE-208
7 Portal DoS via unbounded request body. The portal accepted unbounded request bodies, allowing memory-exhaustion attacks. Capped at 1 MiB. < 7.1.5 >= 7.1.5 CWE-770
8 SQL-injection enforcement regression on try.getaxonflow.com. The Community SaaS hosted endpoint inherited the warn SQLi default introduced in v6.2.0, allowing SQL-injection-shaped requests to pass governance to the LLM. Self-hosted deployments were unaffected unless they manually changed the default. < 7.5.0 (try.getaxonflow.com only) >= 7.5.0 CWE-89

Remediation

Upgrade to AxonFlow platform v7.5.0 or later. No configuration changes required — the platform is purely additive and existing API/SDK callers continue to work.

For users who can't upgrade immediately, item-specific mitigations:

  • Items 1–5: ensure the agent middleware sets X-Org-ID / X-Tenant-ID from authenticated identity at the ingress, never accepting body-supplied identity.
  • Item 8 (Community SaaS): SQLI_ACTION=block can be set explicitly via the agent task definition; v7.5.0 makes this the default.

Resources

Credit

Identified by AxonFlow internal security review during the April 2026 quality-freeze epic.

References

@saurabhjain1592 saurabhjain1592 published to getaxonflow/axonflow Apr 29, 2026
Published to the GitHub Advisory Database May 6, 2026
Reviewed May 6, 2026
Last updated May 6, 2026

Severity

Critical

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

EPSS score

Weaknesses

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. Learn more on MITRE.

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Learn more on MITRE.

Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. Learn more on MITRE.

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. Learn more on MITRE.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Learn more on MITRE.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-9h64-2846-7x7f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.