PT-2026-51776 · Flowise · Flowise

Kolega-Ai-Dev

Published

2026-06-24

Updated

2026-06-24

CVE-2026-56272

CVSS v3.1

4.1

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916

Related Identifiers

CVE-2026-56272

Affected Products

Flowise

PT-2026-51776 · Flowise · Flowise

CVE-2026-56272

Weakness Enumeration

Related Identifiers

Affected Products

References · 3