Skip to main content

Flowise CVE-2026-56277

| EUVDEUVD-2026-40432 MEDIUM
Origin Validation Error (CWE-346)
2026-06-30 VulnCheck GHSA-8m62-6r3h-3x25
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Drive-by CORS abuse requires victim to visit a malicious page (UI:R); attacker needs no credentials (PR:N); impact is low-severity TTS generation abuse with no availability or scope-change component.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:40 vuln.today

DescriptionCVE.org

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/src/controllers/text-to-speech/index.ts), independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS configuration (getCorsOptions()) and allows any webpage to make cross-origin requests that trigger TTS generation using stored credentials, enabling drive-by cross-origin credential abuse.

AnalysisAI

Cross-origin request forgery via a hardcoded CORS wildcard in Flowise's text-to-speech endpoint (versions before 3.1.2) allows any malicious webpage to trigger TTS generation using a victim's stored credentials. The controller file packages/server/src/controllers/text-to-speech/index.ts unconditionally sets Access-Control-Allow-Origin: *, directly overriding the server's restrictive getCorsOptions() CORS policy for that route. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify internet-facing Flowise instance
Delivery
Host malicious webpage with cross-origin TTS fetch script
Exploit
Lure authenticated Flowise user to malicious page
Execution
Browser sends cross-origin request to TTS endpoint
Persist
Hardcoded wildcard CORS header allows attacker to read response
Impact
TTS generation triggered under victim session context

Vulnerability AssessmentAI

Exploitation Three concurrent conditions are required: (1) the victim must have an active authenticated session to a Flowise instance, (2) the victim must visit an attacker-controlled webpage while that session is live, and (3) the Flowise TTS endpoint must be reachable from the victim's browser - either via public internet or a shared network the victim accesses. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N, score 6.9) rates this as network-exploitable with no prerequisites, but the UI:N designation is inconsistent with the described attack: drive-by CORS exploitation inherently requires a victim user to visit an attacker-controlled webpage, which maps to UI:P (passive) in CVSS 4.0 and UI:R in CVSS 3.1 - the provided score likely overstates exploitability as a result. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a public domain and serves a webpage containing JavaScript that issues a `fetch()` to a victim's Flowise TTS endpoint (e.g., `https://flowise.example.com/api/v1/text-to-speech`). When an authenticated Flowise user is socially engineered into visiting the attacker's page, the browser sends a cross-origin request; the hardcoded `Access-Control-Allow-Origin: *` permits the response to be read, and TTS generation is triggered using the victim's active session context, potentially abusing third-party TTS API credentials or quota. …
Remediation Upgrade Flowise to version 3.1.2 or later, which aligns the TTS endpoint's CORS handling with the server-wide `getCorsOptions()` policy, eliminating the hardcoded wildcard. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2026-56277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy