Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Network-reachable and unauthenticated to attempt, but successful compromise depends on guessing an operator-set password, raising AC to High; no availability impact on the auth endpoint itself.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
8DescriptionNVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.
AnalysisAI
Credential brute-force exposure in Flowise prior to 3.1.2 allows remote unauthenticated attackers to perform unlimited password-guessing attacks against the checkBasicAuth endpoint, which lacks rate limiting and uses non-constant-time plaintext comparison against the FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables. Successful exploitation grants full access to the Flowise LLM workflow builder. No public exploit identified at time of analysis, though the GHSA advisory documents the vulnerable code path in detail and EPSS sits at a low 0.04%.
Technical ContextAI
Flowise is a Node.js/TypeScript application providing a drag-and-drop interface for building LLM workflows. The flaw lives in packages/server/src/enterprise/controllers/account.controller.ts at lines 128-135, where the checkBasicAuth controller reads username and password from the JSON request body and compares them with the JavaScript === operator against process.env.FLOWISE_USERNAME and process.env.FLOWISE_PASSWORD. This maps to CWE-522 (Insufficiently Protected Credentials) because the RateLimiterManager is scoped to chatflow endpoints and never wraps the auth route, the strict-equality comparison is not constant-time (enabling timing side-channels), and divergent success/failure response messages permit username enumeration. The affected CPE is cpe:2.3:a:flowiseai:flowise covering all releases up to and including 3.1.1.
RemediationAI
Vendor-released patch: upgrade Flowise to 3.1.2 or later, available at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2, which is bundled with several other security fixes including CORS hardening on the TTS endpoint and IDOR fixes in /api/v1/user. If immediate upgrade is not possible, place the checkBasicAuth endpoint (and the broader Flowise UI) behind a reverse proxy or WAF that enforces strict per-IP rate limits and IP allowlisting - accepting the trade-off that legitimate operator logins from new IPs may be blocked - and rotate FLOWISE_USERNAME/FLOWISE_PASSWORD to long, high-entropy values to make brute-force computationally infeasible. Additionally restrict network exposure of the Flowise instance to trusted management networks or a VPN, recognizing this disrupts any intended internet-facing usage, and enable application-level access logging to detect enumeration attempts. Full advisory details are available at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-php6-83fg-gw3g.
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c
FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una
Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9
Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent
Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi
Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per
Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof
Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).
Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili
Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35107
GHSA-php6-83fg-gw3g