High-severity Insecure Direct Object Reference (IDOR) leading to workflow token exposure. Impact: session hijacking, user impersonation, unauthorized access to workflows. Remediation: implement authorization checks and remove sensitive tokens from API responses.
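The two remediation steps, shown as an added example that is not code from the affected application: a workflow lookup without an authorization check beside a hardened version. The data model, field names, function names and the owner-only access rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, asdict

# Hypothetical record shape; the report does not describe the real schema.
@dataclass(frozen=True)
class Workflow:
    id: int
    owner_id: int
    name: str
    token: str  # secret that must never leave the server

# Constructed sample data.
WORKFLOWS = {
    101: Workflow(101, owner_id=1, name="deploy", token="constructed-token-A"),
    102: Workflow(102, owner_id=2, name="billing", token="constructed-token-B"),
}

# Allowlist of fields that may be serialized. A field added to the model
# later stays private until it is listed here.
PUBLIC_FIELDS = ("id", "owner_id", "name")


class NotFound(Exception):
    """Raised for missing AND unauthorized objects, so valid IDs are not confirmed."""


def get_workflow_vulnerable(requester_id: int, workflow_id: int) -> dict:
    # IDOR: the client-supplied ID is trusted, requester_id is never consulted,
    # and the whole record (token included) goes into the response.
    return asdict(WORKFLOWS[workflow_id])


def get_workflow_hardened(requester_id: int, workflow_id: int) -> dict:
    wf = WORKFLOWS.get(workflow_id)
    # Object-level authorization on every lookup. requester_id must come from
    # the authenticated session, never from a request parameter.
    if wf is None or wf.owner_id != requester_id:
        raise NotFound(workflow_id)
    record = asdict(wf)
    # Build the response from the allowlist only.
    return {field: record[field] for field in PUBLIC_FIELDS}


if __name__ == "__main__":
    print(get_workflow_vulnerable(1, 102))  # user 1 receives user 2's record
    print(get_workflow_hardened(2, 102))    # owner receives the record, no token
```

Either control alone leaves a gap: the ownership check without the allowlist still hands the token to the owner's browser, and the allowlist without the ownership check still exposes other users' workflow metadata.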