CVE-2026-8026

EUVD-2026-27824
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
flowiseaiflowise
𝑥
≤ 3.0.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91
https://vuldb.com/submit/777656
https://vuldb.com/vuln/361273
https://vuldb.com/vuln/361273/cti
https://gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91