What is the CVSS score of CVE-2026-30820?

CVE-2026-30820 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2026-30820?

Flowise versions prior to 3.0.13 contain a critical authentication bypass vulnerability that allows attackers with valid tenant credentials to escalate privileges and access unauthorized API…. A patch is available.

Is there a public PoC exploit available for CVE-2026-30820?

Yes, a public proof-of-concept exploit is available for CVE-2026-30820. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-30820?

Within 24 hours: Inventory all Flowise deployments and document current versions; isolate any instances running versions below 3.0.13 from production if possible. Within 7 days: Implement WAF rules to block requests with x-request-from: internal headers from external sources; enable detailed API logging to detect exploitation attempts. Within 30 days: Upgrade to Flowise 3.0.13 or later once available; conduct forensic review of API access logs for unauthorized activity; reset credentials for all tenant accounts as a precaution.

AI / ML CVE-2026-30820

HIGH

Incorrect Authorization (CWE-863)

2026-03-07 security-advisories@github.com

GHSA-wvhq-wp8g-c7vq

Authentication Bypass AI / ML Flowise

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 11, 2026 - 13:46 vuln.today

Public exploit code

CVE Published

Mar 07, 2026 - 05:16 nvd

HIGH 8.8

DescriptionGitHub Advisory

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credential stores, custom function execution, etc.), effectively escalating privilege. This issue has been patched in version 3.0.13.

AnalysisAI

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoofing an internal request header, granting access to sensitive administrative functions including API key and credential management. Public exploit code exists for this vulnerability, and an attacker with valid tenant credentials can escalate to administrative privileges without additional authentication. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as low-privilege tenant

Delivery

Set x-request-from: internal header

Exploit

Bypass authorization checks on /api/v1/** endpoints

Execution

Access admin functions and API keys

Impact

Escalate privileges

Access

Authenticate as low-privilege tenant

Delivery

Set x-request-from: internal header

Exploit

Bypass authorization checks on /api/v1/** endpoints

Execution

Access admin functions and API keys

Impact

Escalate privileges

Vulnerability AssessmentAI

Exploitation	Flowise versions prior to 3.0.13 with x-request-from: internal header trust mechanism enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation	Fixed in version 3.0.13.. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Flowise deployments and document current versions; isolate any instances running versions below 3.0.13 from production if possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-30820 vulnerability details – vuln.today

Back

AI / ML CVE-2026-30820

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code