2026-03-27 14:34:14
tenable
PUBLISHED
The /api/v1/files/images/{flow_id}/{file_name} endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.