PT-2026-34738 · Flowise · Flowise

Published

2026-04-16

Updated

2026-04-23

CVE-2026-41273

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0

Description An authentication bypass allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential identifiers, which can then be used to refresh and obtain valid OAuth 2.0 access tokens without authentication.

Recommendations Update to version 3.1.0.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-41273

GHSA-6F7G-V4PP-R667

Affected Products

Flowise

PT-2026-34738 · Flowise · Flowise

CVE-2026-41273

Weakness Enumeration

Related Identifiers

Affected Products

References · 5