84 matches found
EUVD-2026-38367
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...
CVE-2026-56268
Flowise ≤ 3.1.1 is vulnerable via /api/v1/chatflows/apikey/:apikey. The keyonly parameter omission returns chatflows bound to the API key plus unprotected chatflows across all workspaces (no workspace filter). attacker with valid API key can read full ChatFlow configuration (flowData with system ...
Flowise <= 3.0.5 - Account Takeover
Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...
EUVD-2026-38119
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...
CVE-2026-46480
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...
CVE-2026-46477
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...
EUVD-2026-35110
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...
CVE-2026-41268
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-41264
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...
CVE-2026-41278
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
Exploit for Infinite Loop in Dbgpt Db-Gpt
POCCVE-2024-36420 Local reproduction lab and nuclei template...
NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
FlowiseAI Vulnerable to Credential Data Leak
Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...
CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
CVE-2026-30824 — Flowise NVIDIA NIM Authentication Bypass Chec...
CVE-2026-41275
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle...
CVE-2026-41273
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...