6 matches found
CVE-2026-46440
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...
CVE-2026-46440
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...
CVE-2026-46440 Flowise: Basic Auth Credentials Exposed via API
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...
CVE-2026-46440
Flowise CVE-2026-46440 affects Flowise versions before 3.1.2. The vulnerability is in the checkBasicAuth endpoint, which validates credentials in plaintext using direct comparison and without rate limiting. This can enable credential brute-forcing and enumeration, potentially granting access to t...
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability. This vulnerability stemmed from the checkBasicAuth endpoint, which validated credentials in plaintext without rate limits,...
FlowiseAI Exposes Basic Auth Credentials via API
Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 Insufficiently Protected Credentials | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Medium | | Developer Approv...