CVE-2026-30824

High CVSS: 7.7

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.

Vendor

Flowiseai

Product

Flowise

CWE

CWE-306

Yayın Tarihi

2026-03-07 06:16:10

Güncelleme

2026-03-11 13:35:41

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-306 Flowise HIGH Flowiseai 2026

Referanslar

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5f53-522j-j454

Benzer Kayıtlar

High

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose…

High

CVE-2026-30823

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there…

High

CVE-2026-30822

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauth…

High

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis…

High

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a…

Medium

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase…