CVE-2026-30823

High CVSS: 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.

Vendor

Flowiseai

Product

Flowise

CWE

CWE-639

Yayın Tarihi

2026-03-07 06:16:10

Güncelleme

2026-03-11 13:36:25

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Flowise HIGH Flowiseai 2026

Referanslar

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm

Benzer Kayıtlar

High

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose…

High

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NV…

High

CVE-2026-30822

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauth…

High

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis…

High

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a…

Medium

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase…