CVE-2026-42572 - Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
GHSA-55gc-6fmc-fpx9 MEDIUM go/github.com/hatchet-dev/hatchet
CVE: CVE-2026-42572
Summary
A missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG.
This issue has been patched in v0.83.39. Hatchet Cloud has been patched and requires no action from users. Self-hosted users should upgrade.
Impact
Who is affected. Multi-tenant Hatchet instances reachable by an attacker who can obtain an account on that instance. On Hatchet Cloud, account creation is open by default. On self-hosted instances, the API must be reachable by the attacker and the hostname known; instances deployed inside a VPC or with signup restricted are not exposed to arbitrary external actors.
Prerequisites for exploitation. An attacker needed:
1. An account on the target Hatchet instance.
2. The victim tenant's UUID.
3. At least one DAG UUID (external_id) belonging to that tenant.
The two UUIDs are not treated as secrets — they appear in URLs, API responses, audit logs, invitation flows, shared run links, and dashboard screenshots — but an attacker does need to learn them through some out-of-band channel before exploitation is possible.
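A minimal Go reproduction of the bug shape described above, added here as an example and not taken from Hatchet's code base: the advisory's route is registered once with the bare handler, as the missing directive left it, and once behind a tenant-membership guard. The route path comes from the advisory; the X-User-Id header, the tenant and dag_ids query parameter names, the membership table and the handler body are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// membership maps a user to the tenants they belong to (constructed sample data).
type membership map[string]map[string]bool

// requireTenantMember is the guard the affected route lacked: a request whose
// ?tenant= is not one of the caller's tenants never reaches the handler.
func requireTenantMember(m membership, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user := r.Header.Get("X-User-Id") // assumed stand-in for the session lookup
		if tenant := r.URL.Query().Get("tenant"); user == "" || !m[user][tenant] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// listTasksByDAGIds stands in for the affected handler and answers for any tenant it is asked about.
func listTasksByDAGIds(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, `{"tenant":%q,"tasks":[]}`, r.URL.Query().Get("tenant"))
}

// newMux registers the advisory's route with the given chain; the bare handler mirrors the pre-fix state.
func newMux(h http.HandlerFunc) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/stable/dags/tasks", h)
	return mux
}

// Query sends one GET as user for tenant (parameter names assumed) and returns the status.
func Query(mux *http.ServeMux, user, tenant string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/stable/dags/tasks?tenant="+tenant+"&dag_ids=dag-1", nil)
	req.Header.Set("X-User-Id", user)
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	m := membership{"alice": {"tenant-a": true}}
	unguarded, guarded := newMux(listTasksByDAGIds), newMux(requireTenantMember(m, listTasksByDAGIds))
	fmt.Println(Query(unguarded, "alice", "tenant-b"), Query(guarded, "alice", "tenant-b")) // 200 403
}
```

Running it prints 200 then 403: the same request for a foreign tenant succeeds when the guard is absent from the route and is rejected once the guard wraps the handler.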
What could be disclosed. For each child task of a targeted DAG, the endpoint returned:
display_name, action_id, step_id, workflow_id, workflow_version_id, workflow_run_id, task_external_id, tenant_id, retry_count, status, timestamps, additional_metadata (JSON)
The additional_metadata field is the most sensitive: Hatchet workflows commonly use it to carry domain context such as user identifiers, customer IDs, feature flags, or correlation tokens. Its contents vary by deployment.
What was not disclosed. The raw task input payload is not part of this endpoint's response shape and was not exposed thr
Source: GitHub-Advisory | CVE-2026-42572 | 2026-05-06