What is the CVSS score of CVE-2026-30824?

CVE-2026-30824 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of AI / ML are affected by CVE-2026-30824?

Flowise versions up to 3.0.13 contain a critical authentication bypass vulnerability (CVSS 9.8) that allows unauthorized access to critical functions without credentials.. A patch is available.

Is there a public PoC exploit available for CVE-2026-30824?

Yes, a public proof-of-concept exploit is available for CVE-2026-30824. Prioritise patching immediately. EPSS: 0.0%.

AI / ML CVE-2026-30824

CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-03-07 security-advisories@github.com

GHSA-5f53-522j-j454

Authentication Bypass AI / ML Flowise

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 11, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 07, 2026 - 06:16 nvd

CRITICAL 9.8

DescriptionNVD

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.

AnalysisAI

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerability data. PoC available.

RemediationAI

Within 24 hours: Inventory all Flowise deployments and document version numbers; immediately restrict network access to Flowise instances to trusted networks only. Within 7 days: Evaluate upgrading to Flowise 3.0.14 or later if available, or migrate to alternative solutions; implement WAF rules to block exploitation attempts if upgrade unavailable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30824 vulnerability details – vuln.today

Back

AI / ML CVE-2026-30824

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code