2 matches found
CVE-2026-56268
Flowise ≤ 3.1.1 is vulnerable via /api/v1/chatflows/apikey/:apikey. The keyonly parameter omission returns chatflows bound to the API key plus unprotected chatflows across all workspaces (no workspace filter). attacker with valid API key can read full ChatFlow configuration (flowData with system ...
PT-2026-51405
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description An information disclosure issue exists in the '/api/v1/chatflows/apikey/:apikey' endpoint. When the keyonly query parameter is omitted, the system returns chatflows bound to the provided API key as...