CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.

Published: Jul 30, 2024
Updated: Jun 25, 2025
CVE: CVE-2024-7297
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
langflow / langflow	-	1.0.13

https://www.tenable.com/security/research/tra-2024-26

Vulnerability Database

CVE-2024-7297