Skip to main content

Flowise CVE-2025-71327

| EUVDEUVD-2025-210337 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-25 VulnCheck GHSA-hh9f-v2g6-c33c
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.1 CRITICAL

Network-reachable, low-complexity, unauthenticated account creation with no user interaction yields full API access, so PR:N/UI:N with high confidentiality and integrity impact; availability not directly affected.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 22:32 vuln.today
Analysis Generated
Jun 25, 2026 - 22:32 vuln.today

DescriptionCVE.org

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

AnalysisAI

Authentication bypass in Flowise on-premise (npm package 'flowise', version 3.0.1 and earlier) lets unauthenticated remote attackers POST to the /api/v1/account/register endpoint to self-provision arbitrary user accounts and then log in, obtaining full API access without any prior credentials. The endpoint is open by default and the registration request is reusable, so an attacker can repeatedly create privileged ('type':'pro') accounts. A working proof-of-concept exists (publicly available exploit code exists via the VulnCheck/GHSA advisory), and the CVSS 4.0 base score of 9.3 reflects high confidentiality and integrity impact.

Technical ContextAI

Flowise is a low-code/drag-and-drop tool for building LLM orchestration flows and AI agents, deployed on-premise (commonly via Docker) with a REST API under /api/v1. The flaw is rooted in CWE-306 (Missing Authentication for a Critical Function): the account-creation route /api/v1/account/register is intended only for first-run organization setup but is left without an authentication or one-time guard, so it remains callable by anyone reachable on the network. Because account registration directly mints authenticatable identities, the missing access control on this single function collapses the entire authentication boundary of the application. The affected component per CPE is cpe:2.3:a:flowise:flowise:*:*:*:*:*:*:*:* (npm/flowise), with vulnerable versions = 3.0.1.

RemediationAI

No vendor-released patched version is identified in the available data - the npm advisory lists 'fixed in: None' - so this is best classed as 'No vendor-released patch identified at time of analysis'; monitor GHSA-v5w9-prxf-w882 for a fixed release and upgrade as soon as one is published. As immediate compensating controls: do not expose the Flowise API to untrusted networks - place it behind a VPN or restrict source IPs with a firewall (trade-off: breaks remote access for legitimate distributed users); put a reverse proxy or API gateway in front and explicitly block or require authentication on POST /api/v1/account/register after the initial admin account is created (trade-off: blocks any legitimate self-service registration); and enforce Flowise application-level authentication (FLOWISE_USERNAME/FLOWISE_PASSWORD / app-level auth) plus network ACLs so the management endpoint is not anonymously reachable. Audit existing user accounts for unexpected registrations (e.g., suspicious or 'pro' type accounts) created via this endpoint and revoke them. Refer to the vendor advisory at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-v5w9-prxf-w882 and the VulnCheck advisory for updates.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2025-71327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy