4 matches found
CVE-2025-71327
Flowise has an authentication bypass in the unprotected /api/v1/account/register endpoint. Unauthenticated attackers can register arbitrary accounts and gain full API access without credentials. CVSS metrics are provided (v3.1: 9.1; v4.0: 9.3), indicating a critical impact on confidentiality and ...
EUVD-2025-197874
Flowise has Authentication Bypass Using Unprotected Registration Endpoint /register...
GHSA-V5W9-PRXF-W882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...
Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...