CVE-2026-8028

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions FlowiseAI Flowise versions prior to 3.0.13

Description An issue exists in the 'Endpoint' component within the verify() function of the packages/server/src/enterprise/services/account.service.ts file. Manipulation of this function can lead to information disclosure. This flaw allows for remote exploitation, although it is characterized by high complexity and difficult exploitability.

Recommendations Update to a version later than 3.0.12. As a temporary workaround, restrict access to the verify() function in the packages/server/src/enterprise/services/account.service.ts file to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200

Related Identifiers

CVE-2026-8028

Affected Products

Flowise

CVE-2026-8028

Weakness Enumeration

Related Identifiers

Affected Products

References · 7