CVE-2026-8028

EUVD-2026-27832

06.05.2026, 15:16

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
flowiseai	flowise	𝑥 ≤ 3.0.12

𝑥

= Vulnerable software versions

Known Exploits!

https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Vulnerability Media Exposure

[GERMAN] Flowise: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Ein Angreifer kann mehrere Schwachstellen in Flowise ausnutzen, um Informationen offenzulegen.
Published: 2026-05-06T22:00:00+00:00

References

https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b

https://vuldb.com/submit/777659

https://vuldb.com/vuln/361276

https://vuldb.com/vuln/361276/cti