CVE-2024-7297: Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged
Summary
Langflow versions before 1.0.13 have a privilege escalation vulnerability (a security flaw where an attacker gains higher access rights than they should have) that lets a remote attacker with low privileges become a super admin by sending a specially crafted request to the '/api/v1/users' endpoint using mass assignment (a technique where an attacker modifies multiple fields at once by exploiting how the application handles user input).
Solution / Mitigation
Upgrade Langflow to version 1.0.13 or later.
Vulnerability Details
8.8(high)
EPSS: 0.3%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-7297
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 92%