Main Vulnerability Database Exploits ID:12684 - Exploit for Missing Authentication for Critical Function in Flowise - CVE-2026-30824

ID:12684 - Exploit for Missing Authentication for Critical Function in Flowise - CVE-2026-30824

Published: April 30, 2026

Vulnerability identifier: #VU125527

Vulnerability risk: High

CVE-ID: CVE-2026-30824

CWE-ID: CWE-306

Exploitation vector: Remote access

Vulnerable software:
Flowise

Link to public exploit:

https://github.com/dylvie/CVE-2026-30824-Flowise-NVIDIA-NIM-Authentication

Vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information in a subsequent system.

The vulnerability exists due to missing authentication for critical function in the NVIDIA NIM endpoints when handling requests to /api/v1/nvidia-nim/*. A remote attacker can send crafted requests to obtain a valid NVIDIA API token and disclose sensitive information in a subsequent system.

On systems with Docker or NIM installed, additional unauthenticated endpoint access may allow container enumeration, image pulls, container starts, or service disruption.

Remediation

Install security update from vendor's website.

ID:12684 - Exploit for Missing Authentication for Critical Function in Flowise - CVE-2026-30824

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human