What is the CVSS score of CVE-2026-30822?

CVE-2026-30822 has a CVSS 3.0 base score of 7.7 (High). CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2026-30822?

Flowise versions 3.0.13 and earlier contain a vulnerability allowing attackers to modify object attributes without proper authorization, potentially leading to unauthorized data manipulation or…. A patch is available.

Is there a public PoC exploit available for CVE-2026-30822?

Yes, a public proof-of-concept exploit is available for CVE-2026-30822. Prioritise patching immediately. EPSS: 0.1%.

AI / ML CVE-2026-30822

HIGH

Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)

2026-03-07 security-advisories@github.com

GHSA-mq4r-h2gh-qv7x

Code Injection AI / ML Flowise

7.7

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 11, 2026 - 13:40 vuln.today

Public exploit code

CVE Published

Mar 07, 2026 - 05:16 nvd

HIGH 7.7

DescriptionNVD

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.

AnalysisAI

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attributes (CVSS 7.7).

RemediationAI

Within 24 hours: Identify all Flowise deployments and their versions; isolate any running 3.0.13 or earlier from untrusted networks if possible. Within 7 days: Implement network segmentation or WAF rules to restrict access to Flowise administrative interfaces; monitor logs for suspicious object modification patterns. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30822 vulnerability details – vuln.today

Back

AI / ML CVE-2026-30822

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code