ГлавнаяУязвимости → CVE-2026-41266
7.5высокая

CVE-2026-41266

Описание

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more. This vulnerability is fixed in 3.1.0.

Затрагиваемое ПО
Flowiseai Flowise
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4jpm-cgx2-8h37https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4jpm-cgx2-8h37