Hatchet, Missing Authorization, Medium


How the CVE Works

The vulnerability exists in Hatchet's multi-tenant authorization middleware. The endpoint `GET /api/v1/stable/dags/tasks` accepts a `tenant` UUID as a query parameter, but its OpenAPI definition lacks the `x-resources: ["tenant"]` declaration. Normally, the `populator` middleware reads declared resources from the spec, looks up the corresponding entity from request parameters, and stores it on the request context. The `authz` middleware then checks whether the authenticated user is a member of that tenant. Because the endpoint did not declare `tenant` as a resource, `populator` early-returns without populating the tenant, and `authz` skips its membership check.

The handler then reads the tenant UUID directly from the query parameter and uses it to filter the downstream OLAP query. The SQL correctly filters by `tenant_id`, but because the UUID comes from the caller instead of an authorized context, an attacker can supply any valid tenant UUID they have learned. The attacker needs an account on the same Hatchet instance, the victim tenant's UUID, and at least one DAG UUID belonging to that tenant. These UUIDs are not secrets: they appear in URLs, API responses, audit logs, and shared links.

The endpoint returns task metadata including `display_name`, `action_id`, `step_id`, `workflow_id`, `workflow_run_id`, `task_external_id`, `tenant_id`, `retry_count`, `status`, timestamps, and `additional_metadata` (a JSON field often containing user IDs, customer IDs, feature flags, or correlation tokens). The raw task input payload is not exposed. The issue was patched in v0.83.39.
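The middleware chain just described, as an added example that is a constructed model and not Hatchet's own code: `Route`, `User`, `Ctx`, `populate`, `authorize` and `filterTenant` are hypothetical names. It shows the early return that skips the membership check when a route omits its `x-resources` declaration, beside a fail-closed variant that rejects a tenant parameter the populator never picked up.

```go
package main

import (
	"errors"
	"net/url"
)

// Constructed model of the populator/authz chain described above; not Hatchet's code.
type Route struct{ Resources []string }    // mirrors the route's x-resources list
type User struct{ Tenants map[string]bool } // tenant UUIDs the caller belongs to
type Ctx struct {
	Tenant string     // set by populate only when "tenant" is declared
	Query  url.Values // raw request parameters the handler can still read
}

var ErrForbidden = errors.New("forbidden: caller is not a member of tenant")
var ErrUndeclared = errors.New("route reads tenant param without x-resources declaration")
// populate copies declared resources onto the context; an undeclared tenant stays empty.
func populate(r Route, q url.Values) Ctx {
	c := Ctx{Query: q}
	for _, res := range r.Resources {
		if res == "tenant" {
			c.Tenant = q.Get("tenant")
		}
	}
	return c
}

// authorize mirrors authz: strict=false is the vulnerable build (nothing populated,
// nothing checked); strict=true rejects a tenant param that populate never saw.
func authorize(u User, c Ctx, strict bool) error {
	if c.Tenant == "" {
		if strict && c.Query.Get("tenant") != "" {
			return ErrUndeclared // route forgot its declaration: fail closed
		}
		return nil
	}
	if !u.Tenants[c.Tenant] {
		return ErrForbidden
	}
	return nil
}

// filterTenant runs the chain and returns the tenant the handler would filter on.
func filterTenant(r Route, u User, q url.Values, strict bool) (string, error) {
	if err := authorize(u, populate(r, q), strict); err != nil {
		return "", err
	}
	return q.Get("tenant"), nil // handler trusts the raw query, as the advisory describes
}
```

The durable fix is the declaration on the route itself; the strict mode is a defence in depth so that a future route with the same omission is rejected rather than silently unchecked.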

DailyCVE Form

Platform: Hatchet
Version: before v0.83.39
Vulnerability: Missing Authorization
Severity: Medium
Date: April 23, 2026

Prediction: Already patched

What Undercode Says:

```bash
# Check whether a Hatchet instance is vulnerable (requires an authenticated user)
TENANT_UUID="victim-tenant-uuid"
DAG_UUID="target-dag-uuid"
API_URL="https://hatchet.example.com/api/v1/stable/dags/tasks?tenant=${TENANT_UUID}&dagId=${DAG_UUID}"
curl -H "Authorization: Bearer $ATTACKER_TOKEN" "$API_URL"
# Simulates the missing authorization: a caller from tenant A reads tenant B's tasks.
# The response returns task metadata for the victim tenant if the UUIDs are valid.
```

Exploit:

The attacker registers an account on the target Hatchet instance and learns the victim tenant UUID and a DAG UUID from public sources (e.g., shared run links, dashboard screenshots). They send a GET request to `/api/v1/stable/dags/tasks?tenant=&dagId=` with their own valid session token. The server returns all child task metadata for that DAG, including the sensitive `additional_metadata` JSON.

Protection from this CVE

  • Upgrade to Hatchet v0.83.39 or later immediately.
  • If upgrading is not possible, restrict account creation via the `SERVER_AUTH_RESTRICTED_EMAIL_DOMAINS` allowlist.
  • Deploy the Hatchet API inside a VPC with authenticated network controls (not exposed to untrusted networks).

Impact

Unauthorized information disclosure of task metadata across tenants. Attackers can read `additional_metadata` (user IDs, customer IDs, feature flags, correlation tokens) for any DAG whose tenant UUID and DAG UUID are known. Does not expose raw task input payloads. No evidence of in‑the‑wild exploitation prior to patch.


Sources:

Reported By: github.com