SB2026040908 - Multiple vulnerabilities in Flowise

Published: April 9, 2026

Security Bulletin ID: SB2026040908
Severity: High
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 13%
Medium: 63%
Low: 25%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to exposure of sensitive information to an unauthorized actor in the POST /api/v1/account/forgot-password endpoint when handling forgot-password requests with a valid email address. A remote attacker can send a specially crafted request containing a known email address to disclose sensitive information.

The response may include user id, name, email, status, timestamps, and internal reference fields.


2) Missing Authentication for Critical Function (CVE-ID: CVE-2026-30824)

The vulnerability allows a remote attacker to obtain an API token and disclose sensitive information held by a downstream system.

The vulnerability exists due to missing authentication for a critical function in the NVIDIA NIM endpoints when handling requests to /api/v1/nvidia-nim/*. A remote attacker can send crafted requests to obtain a valid NVIDIA API token and use it to disclose sensitive information from a downstream system.

On systems with Docker or NIM installed, additional unauthenticated endpoint access may allow container enumeration, image pulls, container starts, or service disruption.


3) Use of Password Hash With Insufficient Computational Effort (CVE-ID: N/A)

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to use of a password hash with insufficient computational effort in the password hashing utility, which generates bcrypt password hashes with the default salt-rounds (cost factor) setting. A local privileged user can obtain password hashes and perform offline brute-force cracking to disclose sensitive information.

Existing password hashes generated with the weak default remain more susceptible to offline cracking if a database compromise occurs.


4) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-30823)

The vulnerability allows a remote user to take over accounts and bypass enterprise feature restrictions.

The vulnerability exists due to authorization bypass through a user-controlled key in the PUT /api/v1/loginmethod endpoint when handling authenticated requests that supply an organizationId in the JSON body. A remote user can send a specially crafted request with a target organizationId to take over accounts and bypass enterprise feature restrictions.

The issue can be exploited by overwriting another organization's SSO configuration, including provider credentials, and does not require user interaction.


5) Improperly Controlled Modification of Dynamically-Determined Object Attributes (CVE-ID: CVE-2026-30822)

The vulnerability allows a remote attacker to modify internal lead entity fields and compromise data integrity.

The vulnerability exists due to improperly controlled modification of dynamically-determined object attributes in the /api/v1/leads endpoint when handling lead creation requests. A remote attacker can send a specially crafted request body to modify internal lead entity fields and compromise data integrity.

The issue allows control of server-managed fields such as id, createdDate, and chatId.
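Added example (not Flowise code) covering both the user-controlled organizationId in item 4 and the lead mass-assignment issue in item 5: server-managed fields are never taken from the request body. The field names id, createdDate, chatId and organizationId come from the bulletin; the client-settable lead fields (name, email, phone) and the session shape are assumptions.

```typescript
// Added example (not Flowise code). Field names id, createdDate, chatId and
// organizationId come from the bulletin; the client-settable lead fields and
// the Session shape are assumptions for illustration.

type Session = { userId: string; organizationId: string };
type Lead = Record<string, unknown>;

// Only these lead fields may be set by a client; everything else is server-managed.
const LEAD_CLIENT_FIELDS = new Set(['name', 'email', 'phone']);

// Builds a lead entity from an untrusted body using an allowlist rather than
// spreading the body into the entity. Rejected keys are returned so the
// handler can log attempts to set id, createdDate or chatId.
function buildLead(body: Lead, chatId: string, now: Date): { lead: Lead; rejected: string[] } {
  const lead: Lead = {};
  const rejected: string[] = [];
  for (const [key, value] of Object.entries(body)) {
    if (LEAD_CLIENT_FIELDS.has(key)) {
      lead[key] = value;
    } else {
      rejected.push(key);
    }
  }
  // Server-managed values come from trusted context, never from the body;
  // id is left unset so the database assigns it.
  lead.chatId = chatId;
  lead.createdDate = now.toISOString();
  return { lead, rejected };
}

// For the login-method update, the organization is the one bound to the
// authenticated session. A body organizationId is only tolerated when it
// matches; a different value is a cross-tenant attempt and is refused.
function resolveOrganizationId(session: Session, body: Record<string, unknown>): string {
  const requested = body.organizationId;
  if (requested !== undefined && requested !== session.organizationId) {
    throw new Error('organizationId does not match the authenticated organization');
  }
  return session.organizationId;
}
```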


6) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-31829)

The vulnerability allows a remote user to access internal network resources and modify internal services.

The vulnerability exists due to server-side request forgery (SSRF) in the HTTP Node in AgentFlow and Chatflow when processing user-controlled URLs for server-side HTTP requests. A remote user can send a specially crafted URL to access internal network resources and modify internal services.

The HTTP Request node supports multiple HTTP methods, including GET, POST, PUT, PATCH, and DELETE, and can reach localhost, private IP ranges, and cloud metadata endpoints.
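Added example (not Flowise code) of the destination check an HTTP node should run before issuing a server-side request: it refuses non-http(s) schemes, localhost, IPv6 local and IPv4-mapped addresses, and the RFC 1918 and link-local IPv4 ranges (the latter covers the cloud metadata address). The denied ranges and reason strings are choices made here, not Flowise's.

```typescript
// Added example (not Flowise code). The WHATWG URL parser normalises
// alternative IPv4 spellings, so the dotted form is what gets checked.
// Caveat: a hostname must still be resolved and its address re-checked at
// connect time (DNS rebinding), and every redirect must be re-validated.

function ipv4ToInt(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const p = m.slice(1).map(Number);
  if (p.some((n) => n > 255)) return null;
  return ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
}

// [network as integer, prefix length] for ranges a workflow node must not reach.
const DENIED_V4: Array<[number, number]> = [
  [0x7f000000, 8],  // 127.0.0.0/8 loopback
  [0x0a000000, 8],  // 10.0.0.0/8 RFC 1918
  [0xac100000, 12], // 172.16.0.0/12 RFC 1918
  [0xc0a80000, 16], // 192.168.0.0/16 RFC 1918
  [0xa9fe0000, 16], // 169.254.0.0/16 link-local, includes the metadata address
  [0x00000000, 8],  // 0.0.0.0/8 "this network"
];

function inDeniedV4(ip: number): boolean {
  return DENIED_V4.some(([net, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((net & mask) >>> 0);
  });
}

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Returns null when the destination is acceptable, otherwise the refusal reason.
function ssrfReason(raw: string): string | null {
  const url = parseUrl(raw);
  if (!url) return 'unparseable URL';
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return `scheme ${url.protocol} not allowed`;
  const host = url.hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return 'localhost denied';
  if (host.includes(':') && (host === '::1' || /^f[cd]/.test(host) || host.startsWith('fe80') || host.startsWith('::ffff:'))) {
    return 'IPv6 local or IPv4-mapped address denied';
  }
  const ip = ipv4ToInt(host);
  if (ip !== null && inDeniedV4(ip)) return `private or link-local address ${host} denied`;
  return null;
}
```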


7) Arbitrary file upload (CVE-ID: CVE-2026-30821)

The vulnerability allows a remote attacker to upload arbitrary files.

The vulnerability exists due to unrestricted upload of file with dangerous type in the /api/v1/attachments/:chatflowId/:chatId endpoint when handling file upload requests that rely on the client-supplied Content-Type header. A remote attacker can send a specially crafted multipart/form-data request with a spoofed MIME type to upload arbitrary files.

The affected endpoint is on the authentication whitelist, so it can be reached without authentication, and uploaded files may persist in S3, GCS, or local storage.
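Added example (not Flowise code) of an attachment check that decides by the file's leading bytes rather than the multipart part's Content-Type, and discards the client's filename. The allowed set (PNG, JPEG, PDF) is an assumption; a real deployment allowlists only what the chatflow needs.

```typescript
// Added example (not Flowise code). The allowlist below is an assumption.
import { randomUUID } from 'node:crypto';

type Signature = { magic: number[]; type: string; ext: string };

const SIGNATURES: Signature[] = [
  { magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], type: 'image/png', ext: 'png' },
  { magic: [0xff, 0xd8, 0xff], type: 'image/jpeg', ext: 'jpg' },
  { magic: [0x25, 0x50, 0x44, 0x46, 0x2d], type: 'application/pdf', ext: 'pdf' }, // "%PDF-"
];

// Sniffing limited to the allowlist: unknown content stays unknown rather than "octet-stream".
function sniff(bytes: Uint8Array): Signature | null {
  return SIGNATURES.find((s) => bytes.length >= s.magic.length && s.magic.every((b, i) => bytes[i] === b)) ?? null;
}

type Decision = { accepted: boolean; reason: string; storedName?: string };

// declaredType is the client's Content-Type: compared and logged on mismatch,
// never used to choose the stored type or extension.
function vetUpload(declaredType: string, bytes: Uint8Array): Decision {
  const detected = sniff(bytes);
  if (!detected) return { accepted: false, reason: 'content is not an allowed type' };
  if (declaredType.toLowerCase().split(';')[0].trim() !== detected.type) {
    // The bulletin's spoofing case: the header says one thing, the bytes say another.
    return { accepted: false, reason: `declared ${declaredType} but content is ${detected.type}` };
  }
  // The client's filename and extension are discarded; the stored name uses the detected extension.
  return { accepted: true, reason: 'ok', storedName: `${randomUUID()}.${detected.ext}` };
}
```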


8) Incorrect authorization (CVE-ID: CVE-2026-30820)

The vulnerability allows a remote user to bypass authorization checks and escalate privileges.

The vulnerability exists due to incorrect authorization in the /api/v1 route authorization middleware when handling requests with a spoofed x-request-from: internal header. A remote user can send a request with the spoofed header using a valid tenant session cookie to bypass authorization checks and escalate privileges.

The issue affects downstream routers under /api/v1, including internal administration endpoints such as API key management, credential stores, and custom function execution.
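Added example (not Flowise code) of two defender-side controls for a trust marker such as x-request-from: internal: an ingress step that strips the header from requests that did not come from a trusted peer, and a detection over access logs that flags the marker arriving from an external address. The trusted peer set, the log format and the sample lines are constructed for illustration.

```typescript
// Added example (not Flowise code). Peer set, log format and sample lines
// are constructed for illustration.

// Assumption: only loopback peers are permitted to carry the marker.
const INTERNAL_PEERS = new Set(['127.0.0.1', '::1']);

function headerValue(headers: Record<string, string>, name: string): string | undefined {
  const hit = Object.entries(headers).find(([k]) => k.toLowerCase() === name);
  return hit ? hit[1] : undefined;
}

// Ingress step: remove the marker from any request that did not arrive from a
// trusted peer, so the route middleware never sees a client-supplied value.
function stripInternalMarker(headers: Record<string, string>, remoteAddr: string): Record<string, string> {
  if (INTERNAL_PEERS.has(remoteAddr)) return { ...headers };
  const out: Record<string, string> = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== 'x-request-from') out[name] = value;
  }
  return out;
}

type AccessEntry = { ts: string; remoteAddr: string; method: string; path: string; headers: Record<string, string>; hasSession: boolean };

function parseEntry(line: string): AccessEntry | null {
  try { return JSON.parse(line) as AccessEntry; } catch { return null; }
}

// Detection over JSON-lines access logs: the marker claiming "internal" on an
// /api/v1 request from a non-trusted address is the spoofing pattern; a tenant
// session alongside it is the escalation case described in the bulletin.
function findSpoofedInternal(lines: string[]): AccessEntry[] {
  const hits: AccessEntry[] = [];
  for (const line of lines) {
    const e = parseEntry(line);
    if (!e || !e.path.startsWith('/api/v1')) continue;
    const marker = headerValue(e.headers ?? {}, 'x-request-from');
    if (marker !== undefined && marker.toLowerCase() === 'internal' && !INTERNAL_PEERS.has(e.remoteAddr)) hits.push(e);
  }
  return hits;
}

// Constructed sample log lines, not real traffic.
const SAMPLE_LOG: string[] = [
  JSON.stringify({ ts: '2026-04-09T10:00:01Z', remoteAddr: '127.0.0.1', method: 'GET', path: '/api/v1/apikey', headers: { 'x-request-from': 'internal' }, hasSession: false }),
  JSON.stringify({ ts: '2026-04-09T10:00:02Z', remoteAddr: '203.0.113.7', method: 'GET', path: '/api/v1/apikey', headers: { 'X-Request-From': 'internal' }, hasSession: true }),
  JSON.stringify({ ts: '2026-04-09T10:00:03Z', remoteAddr: '203.0.113.8', method: 'POST', path: '/api/v1/prediction/abc', headers: {}, hasSession: false }),
];
```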


Remediation

Install the update from the vendor's website.