CVE-2024-7297
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7297 is a newly disclosed privilege escalation vulnerability that affects Langflow versions below 1.0.13. An attacker with low privileges can exploit this flaw by sending a mass assignment request to the '/api/v1/users' endpoint, resulting in the assignment of super admin privileges. This vulnerability poses a significant risk, as it allows unauthorized users to gain elevated access and potentially cause extensive damage to affected systems. It is crucial for Langflow users to update to the latest version (1.0.13) as soon as possible to mitigate this risk.
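The mass assignment pattern described above, next to an allow-list fix, as an added example that is not Langflow's code. The User record, its field names (including is_admin) and the function names are hypothetical, and the request body is constructed.

```python
from dataclasses import dataclass


# Hypothetical user record; field names are assumptions, not Langflow's schema.
@dataclass
class User:
    username: str
    password_hash: str
    is_admin: bool = False   # privilege flag (hypothetical name)
    is_active: bool = True


# Fields a low-privileged caller may change on their own account.
SELF_EDITABLE = frozenset({"username", "password_hash"})
# Fields only an existing administrator may change.
ADMIN_ONLY = frozenset({"is_admin", "is_active"})


class ForbiddenField(Exception):
    """Raised when a request sets a field the caller may not control."""


def update_user_unsafe(user: User, body: dict) -> User:
    """Mass assignment: every client-supplied key is copied onto the record."""
    for key, value in body.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user


def update_user_safe(user: User, body: dict, caller_is_admin: bool) -> User:
    """Allow-list: reject unknown or privileged keys before touching the record."""
    allowed = SELF_EDITABLE | (ADMIN_ONLY if caller_is_admin else frozenset())
    rejected = sorted(set(body) - allowed)
    if rejected:
        # Fail closed and name the fields so the attempt can be logged.
        raise ForbiddenField(", ".join(rejected))
    for key, value in body.items():
        setattr(user, key, value)
    return user


# Constructed request body: a profile update that also carries a privilege flag.
SAMPLE_BODY = {"username": "alice2", "is_admin": True}
```

Rejecting the whole request, rather than silently dropping the privileged key, leaves a log entry that can be alerted on.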