Overview

cross-tenant credential disclosure in itflow

May 25, 2026
2 min read

TL;DR

This one came from ITFlow and ended up as CVE-2026-47755.

The bug was simple in a very bad way: a low-privileged authenticated agent could request another client’s credential edit modal directly and get back decrypted secrets that should never have been exposed to them.

Not hashed junk. Not partial leakage. Actual useful stuff:

  • plaintext passwords
  • usernames
  • TOTP seeds
  • and even live TOTP values through a related endpoint

The vulnerable endpoint

GET /agent/modals/credential/credential_edit.php?id=<credential_id>

According to the advisory, the endpoint only required an authenticated session and then looked up the requested credential directly by ID.

That means the attack path was basically:

  1. log in as a low-privileged agent
  2. keep the valid session cookies
  3. request another tenant’s credential_id
  4. receive decrypted secrets inside the returned modal HTML

That is about as straightforward as it gets.

The advisory also included the key backend shape behind it:

SELECT *
FROM credentials
WHERE credential_id = $credential_id
LIMIT 1

That tells you exactly why the bug worked. The lookup was direct, and there was no tenant scoping in front of it.

What was missing

The core problem was object-level authorization.

The advisory explicitly says the endpoint did not:

  • call enforceClientAccess()
  • verify that the credential belonged to a client the current user was allowed to access
  • stop decrypted secret material from being rendered back into the HTML response

So even though the restricted user was scoped correctly in the visible UI, the modal endpoint ignored that tenant boundary.

The returned modal evidence was also unusually clear. The advisory showed the HTML coming back with fields like:

<input ... name="password" ... value="SUPER-SECRET-CLIENT2" ...>
<input ... name="otp_secret" ... value="JBSWY3DPEHPK3PXQ" ...>

That is the kind of response body that leaves very little room for argument.

Why the impact is real

This was not just “you can see a name you should not see.”

The returned modal could include:

  • credential username
  • credential password
  • OTP secret

And the advisory also notes a related endpoint that could leak the live TOTP token cross-tenant too.

At that point, this is not a cosmetic tenant-isolation issue anymore. It is direct secret disclosure across clients.

The exploit path

The restricted user could not see Client Two in the normal interface, but could still request credential_id=2 directly and recover the secret material from the modal response.

That kind of before-and-after is always good evidence:

  • normal UI says access is restricted
  • direct object request proves the restriction is fake

Severity and CVSS

The public advisory lists this as Moderate with:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Which makes sense here.

This is an authenticated bug, but once you have the low-privileged session, the exploitation is direct and the confidentiality impact is high.

Affected version

The advisory lists:

  • Package: itflow-org/itflow
  • Affected: <= 26.04
  • Patched: None

So at the time of the public advisory, there was no patched version listed yet.

Reference