Skip to content
CVSS 7.5 · HIGH

CVE-2026-41278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image. Both public-chatflows AND public-chatbotConfig return completely raw flowData including credential IDs, plaintext API keys, and password-type fields. This vulnerability is fixed in 3.1.0.

View on NVD

Analysis

Flowise versions prior to 3.1.0 leak sensitive information, including plaintext API keys and credentials, via public chatflow endpoints. If you use Flowise to deploy chatbots or AI flows, your third-party service secrets are exposed to the internet until you update to version 3.1.0.

Severity

Score: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness (CWE): CWE-200

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 12.0%
EPSS: 2026-05-06

Affects

flowiseai:flowise

Technical description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image. Both public-chatflows AND public-chatbotConfig return completely raw flowData including credential IDs, plaintext API keys, and password-type fields. This vulnerability is fixed in 3.1.0.

Published: 4/23/2026, 8:16:16 PM
Last modified: 4/24/2026, 4:31:51 PM

References

HomeEventsBlogResourcesTeam