Skip to main content

Flowise EUVDEUVD-2026-35111

| CVE-2026-46443 HIGH
Information Exposure (CWE-200)
2026-06-08 GitHub_M GHSA-7g73-99r4-m4mj
7.0
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (GitHub_M) · only source for this CVE.

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 08, 2026 - 18:18 vuln.today
Analysis Generated
Jun 08, 2026 - 18:18 vuln.today
Patch available
Jun 08, 2026 - 17:01 EUVD
CVSS changed
Jun 08, 2026 - 16:22 NVD
7.0 (HIGH)
CVE Published
Jun 08, 2026 - 15:30 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.

AnalysisAI

Information disclosure in FlowiseAI Flowise prior to version 3.1.2 allows authenticated users to retrieve encrypted credential blobs (API keys, passwords, OAuth tokens for OpenAI, AWS, etc.) by querying the credentials API with a credentialName filter. The /api/v1/credentials endpoint correctly strips the encryptedData field on unfiltered queries but omits this sanitization on the filtered code path, exposing AES-encrypted secrets to any authenticated caller. No public exploit identified at time of analysis, though a working curl reproduction is published in the GHSA advisory.

Technical ContextAI

Flowise is an open-source drag-and-drop LLM orchestration UI written in TypeScript/Node.js, commonly self-hosted to compose chains and agents that integrate third-party AI and cloud services. The bug lives in packages/server/src/services/credentials/index.ts: the unfiltered list path iterates results through lodash omit(credential, ['encryptedData']) at line 102, but the filtered branch (lines 62-71, triggered by the credentialName query parameter) pushes the raw TypeORM Credential entity directly into the response. This is a textbook CWE-200 (Exposure of Sensitive Information) caused by inconsistent output filtering across two sibling code paths. The leaked encryptedData is AES-encrypted, so impact is amplified when an attacker can also read the default-permission encryption key file at ~/.flowise/encryption.key, enabling full plaintext recovery of every stored credential.

RemediationAI

Vendor-released patch: upgrade to Flowise 3.1.2 or later via npm (release notes at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2, fix implemented in PR #6042). If immediate upgrade is not possible, restrict network access to the /api/v1/credentials endpoint to trusted admin IPs via a reverse-proxy ACL, rotate every credential currently stored in Flowise (OpenAI, AWS, vector DB keys, etc.) on the assumption they may already be exfiltrated, and tighten filesystem permissions on ~/.flowise/encryption.key (chmod 600, restrict to the Flowise service account) to break the secondary decryption-key exposure described in the advisory. Note that proxy-level endpoint blocking will break legitimate credential-selection workflows inside the Flowise UI, so this is a stop-gap only. Consult the GHSA-7g73-99r4-m4mj advisory for the full fix description.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

EUVD-2026-35111 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy