anonhaven
Ad

CVE-2026-30823

HIGH CVSS 3.0: 8.8 EPSS 0.02%
Updated Mar 07, 2026
Flowise
Parameter Value
CVSS 8.8 (HIGH)
Fixed In 3.0.13
Type CWE-862 (Missing Authorization (Отсутствие авторизации)), CWE-639 (Authorization Bypass (Обход авторизации))
Vendor Flowise
Public PoC No

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании

CVSS Vector v3.0

Weakness Type (CWE)

CWE-862 Missing Authorization (Отсутствие авторизации)
CWE-639 Authorization Bypass (Обход авторизации)

References 2

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13
security-advisories@github.com
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30822

Flowise

7.7

CVE-2026-30821

Flowise

8.2

CVE-2026-30820

Flowise

8.7