Langflow Privilege Escalation Vulnerability via CLI Superuser Command

A privilege escalation vulnerability has been identified in Langflow, a tool for building AI-powered agents and workflows. This vulnerability exists in Langflow containers where an authenticated user with remote code execution (RCE) access can use the internal CLI command 'langflow superuser' to create a new administrative user. This process grants full superuser privileges, regardless of the user's initial registration status as a regular account. The issue arises because the 'superuser' command is not properly secured, allowing low-privileged users to exploit it after executing malicious code.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to superuser status, giving the attacker complete control over the Langflow instance. This includes access to all user data, workflows, stored credentials, and configuration settings. Additionally, the vulnerability could lead to resource exhaustion by running multiple Langflow instances inside the container, degrading the service.

Reproduction

To reproduce this vulnerability, first, upload a reverse shell payload to the Langflow application using the '/api/v1/validate/code' endpoint. Once the payload is executed and a reverse shell is obtained, the 'langflow superuser' command can be invoked to create a new superuser account. After the account is created, log into the Langflow UI as the new superuser.

Remediation

Users can update to Langflow version 1.5.1 or later, where this vulnerability has been addressed.