Home

Description

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.

PUBLISHED Reserved 2026-05-06 | Published 2026-05-06 | Updated 2026-05-06 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
2.6AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:OF/RC:C

Problem types

Information Disclosure

Improper Access Controls

Product status

3.0.0
affected

3.0.1
affected

3.0.2
affected

3.0.3
affected

3.0.4
affected

3.0.5
affected

3.0.6
affected

3.0.7
affected

3.0.8
affected

3.0.9
affected

3.0.10
affected

3.0.11
affected

3.0.12
affected

Timeline

2026-05-06:Advisory disclosed
2026-05-06:VulDB entry created
2026-05-06:VulDB entry last update

Credits

Eric-a (VulDB User) reporter

References

gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91 exploit

vuldb.com/vuln/361273 (VDB-361273 | FlowiseAI Flowise API Response account.service.ts login information disclosure) vdb-entry technical-description

vuldb.com/vuln/361273/cti (VDB-361273 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/777656 (Submit #777656 | FlowiseAI Flowise <= 3.0.12 Exposure of Sensitive Information (CWE-200)) third-party-advisory

gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91 related

cve.org (CVE-2026-8026)

nvd.nist.gov (CVE-2026-8026)

Download JSON