CVE-2026-8026

Summary

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
FlowiseAIFlowise3.0.0affected
FlowiseAIFlowise3.0.1affected
FlowiseAIFlowise3.0.2affected
FlowiseAIFlowise3.0.3affected
FlowiseAIFlowise3.0.4affected
FlowiseAIFlowise3.0.5affected
FlowiseAIFlowise3.0.6affected
FlowiseAIFlowise3.0.7affected
FlowiseAIFlowise3.0.8affected
FlowiseAIFlowise3.0.9affected
FlowiseAIFlowise3.0.10affected
FlowiseAIFlowise3.0.11affected
FlowiseAIFlowise3.0.12affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References