cbcvebase.
CVE-2024-8181
published 2024-08-27

CVE-2024-8181: An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an…

PriorityP188high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
46.11%
98.7th percentile
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Affected

2 ranges
VendorProductVersion rangeFixed in
flowiseaiflowise
flowiseaiflowise0 – 1.8.2

Detection & IOCsextracted from sources · hover to see the quote

urlGET /api/v1/apikey?/api/v1/ping HTTP/1.1
path/api/v1/apikey?/api/v1/ping
otherhttp.favicon.hash:-2051052918
yara
regex: '"apiKey":"([^"]+)"'
  • Authentication bypass is triggered by appending a whitelisted path (/api/v1/ping) as a query parameter to a restricted endpoint (/api/v1/apikey), causing the server to skip authentication checks.
  • A successful exploit returns HTTP 200 with a JSON body containing both 'apiKey' and 'apiSecret' fields, indicating unauthenticated access to API key material.
  • Requests to the bypass endpoint include the Referer header set to /document-stores, which may appear in access logs as a distinguishing indicator.
  • Flowise instances can be fingerprinted on Shodan using favicon hash -2051052918 to identify exposed targets.
  • FOFA query 'title:"Flowise"' can be used to identify internet-exposed Flowise instances potentially vulnerable to this bypass.
  • ·The vulnerability affects Flowise version 1.8.2 and below. Only instances with authentication enabled are meaningfully protected by patching; instances without authentication configured are unaffected by this specific bypass but remain openly exposed.
  • ·The EPSS score of 0.60842 (98.3rd percentile) indicates very high exploitation probability in the wild; prioritize detection and patching accordingly.

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.