CVE-2025-57760

High CVSS: 8.8

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Vendor

Langflow

Product

Langflow

CWE

CWE-269

Yayın Tarihi

2025-08-25 17:15:30

Güncelleme

2025-09-03 13:56:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-269 Langflow HIGH Langflow 2025

Referanslar

http://github.com/langflow-ai/langflow/pull/9152 https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97 https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r

Benzer Kayıtlar

Critical

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assis…

High

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/ap…

High

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_p…

Critical

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection…

Critical

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypas…

Medium

CVE-2026-33053

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_ap…