CVE-2026-8028

Summary

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

Affected Software

VendorProductVersion RangeStatus
FlowiseAIFlowise3.0.0affected
FlowiseAIFlowise3.0.1affected
FlowiseAIFlowise3.0.2affected
FlowiseAIFlowise3.0.3affected
FlowiseAIFlowise3.0.4affected
FlowiseAIFlowise3.0.5affected
FlowiseAIFlowise3.0.6affected
FlowiseAIFlowise3.0.7affected
FlowiseAIFlowise3.0.8affected
FlowiseAIFlowise3.0.9affected
FlowiseAIFlowise3.0.10affected
FlowiseAIFlowise3.0.11affected
FlowiseAIFlowise3.0.12affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References