5 matches found
CVE-2026-56269
Flowise before 3.1.0 (npm package flowise;
EUVD-2026-38746
Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...
GHSA-M7MQ-85XJ-9X33 Flowise: Weak Default Token Hash Secret
Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 | | Practical Exploitability | Medium | | Developer Approver | [email protected] | Description The encryption key for token encryption has a weak...
GHSA-2QQC-P94C-HXWH Flowise: Weak Default Express Session Secret
Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/middleware/passport/index.ts:55 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description Express session secret has a weak default value...
Flowise: Weak Default Express Session Secret
Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/middleware/passport/index.ts:55 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description Express session secret has a weak default value...