Definition
An IDOR flaw occurs when an AI platform lets a user access another user's data simply by changing an identifier (like a number in a URL or API call) — without checking whether the requesting user is actually allowed to see that resource. In AI platforms, this can expose other users' conversation histories, AI agent outputs, uploaded documents, and tool-call logs.
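The following Python example is added here to illustrate the flaw and its fix; it is not code from the original page or from any platform named below. A conversation-history lookup is shown twice: the vulnerable handler trusts the client-supplied identifier, the fixed one also requires that the record belong to the authenticated caller. The store, user names and message text are constructed sample data.

```python
from typing import Dict, Optional

# Constructed sample store (not real platform data): conversation id -> owner and messages.
# In a real AI platform this would be the table holding chat histories, agent outputs
# or tool-call logs; the identifier is what the client sends in the URL or API call.
CONVERSATIONS: Dict[int, dict] = {
    101: {"owner": "alice", "messages": ["Is 400 mg of ibuprofen safe with my meds?"]},
    102: {"owner": "bob", "messages": ["Draft the Q3 acquisition memo"]},
}


class NotFound(Exception):
    """Raised when the caller may not see a record (missing or not theirs)."""


def get_conversation_vulnerable(user: str, conv_id: int) -> dict:
    """IDOR: authenticates the user but never checks who owns conv_id.

    Any logged-in user who changes the id in the request gets someone else's chat.
    """
    conv = CONVERSATIONS.get(conv_id)
    if conv is None:
        raise NotFound(conv_id)
    return conv


def get_conversation_fixed(user: str, conv_id: int) -> dict:
    """Object-level authorization: the record must exist AND belong to the caller.

    Missing ids and foreign ids produce the same error, so the response does not
    reveal which identifiers exist for other users.
    """
    conv = CONVERSATIONS.get(conv_id)
    if conv is None or conv["owner"] != user:
        raise NotFound(conv_id)
    return conv


def can_read(user: str, conv_id: int) -> bool:
    """Convenience wrapper exposing the fixed handler's decision as a boolean."""
    try:
        get_conversation_fixed(user, conv_id)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    # alice requesting bob's conversation: leaks under the vulnerable handler, denied under the fixed one.
    print(get_conversation_vulnerable("alice", 102)["owner"])  # bob
    print(can_read("alice", 102))  # False
```

The ownership check belongs in the data-access layer (for SQL-backed stores, a `WHERE id = ? AND owner_id = ?` filter), so that every handler reaching the table inherits it rather than each one re-implementing it.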
Why it matters
IDORs are among the most common yet preventable flaws in AI platforms — and they can expose highly sensitive data that users share with AI tools in confidence (medical queries, financial data, strategic planning). Multiple AI platforms including Twenty CRM, Open WebUI, and Langflow were found to have IDOR vulnerabilities simultaneously.