The vulnerability exists in the endpoint /api/admin/user/:id, which allows users with the 'manager' role to change their account permissions to the 'admin' role. The application does not differentiate between 'admin' and 'manager' roles, allowing a manager to escalate their privileges to admin. This can lead to unauthorized access to critical application settings such as LLM Preference, Embedding Preference, Vector Database, and Data Connectors.

An attacker with 'manager' role intercepts the HTTP request when updating their account details and modifies the role to 'admin'. After logging out and logging back in, the attacker gains admin privileges and can perform administrative actions within the application.

Users of the latest version of the software who have accounts with 'manager' roles are affected. This includes any organization using the software where managers have access to the user management endpoint.