PT-2026-37628 · Flowiseai · Flowise

Eric-A · Published 2026-05-06 · Updated 2026-05-06 · CVE-2026-8026

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FlowiseAI Flowise versions prior to 3.0.13

Description

A security flaw in the API Response Handler component allows for remote information disclosure. The issue exists within the Login() function located in the packages/server/src/enterprise/services/account.service.ts file. This attack is characterized by high complexity and is difficult to exploit.

Recommendations

Upgrade to a version later than 3.0.12. As a temporary workaround, restrict access to the Login() function until the update is applied.

Exploit

Fix

Information Disclosure

Improper Access Control

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2026-8026
GHSA-8F47-4RH3-X44M

Affected Products

Flowise