CVE-2026-30824
Published 2026-03-07
Priority: P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 36.25% (98.3th percentile)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | < 3.0.13 | 3.0.13 |
| flowiseai | flowise | >= 0 < 3.0.13 | 3.0.13 |
Detection & IOCs
- Monitor for unauthenticated HTTP requests to the /api/v1/nvidia-nim/* path on Flowise instances; any request to this router without authentication headers should be treated as suspicious given the auth middleware whitelist bypass.
- Alert on access to privileged container management and token generation endpoints under /api/v1/nvidia-nim/ originating from unauthenticated sessions on Flowise versions prior to 3.0.13.
- The vulnerable path /api/v1/nvidia-nim/* is explicitly whitelisted in Flowise's global authentication middleware, meaning no authentication token is required to reach it, so detection must rely on access logging rather than auth failures.
- This vulnerability affects all Flowise deployments prior to version 3.0.13; upgrade to 3.0.13 or later to remediate.
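The monitoring guidance above, as an added example that is not part of the source advisories or of Flowise: a scan over reverse-proxy access logs that flags requests under the NIM router that carried no credentials. The JSON-lines schema, the `auth` field and the placeholder sub-paths are assumptions, and the log lines are constructed.

```python
import json
import posixpath
from collections import Counter
from urllib.parse import unquote, urlsplit

NIM_PREFIX = "/api/v1/nvidia-nim"  # router path named in the advisory
# Constructed sample records. The schema is an assumption: "auth" is true when
# the proxy saw an Authorization header or session cookie. Sub-paths are
# placeholders, not real Flowise route names.
SAMPLE_LOG = """\
{"src": "203.0.113.7", "method": "GET", "url": "/api/v1/nvidia-nim/placeholder-a", "status": 200, "auth": false}
{"src": "198.51.100.4", "method": "POST", "url": "/api/v1/nvidia-nim/placeholder-b", "status": 200, "auth": true}
{"src": "203.0.113.7", "method": "POST", "url": "/API/v1/%6Evidia-nim/placeholder-b?x=1", "status": 200, "auth": false}
{"src": "192.0.2.15", "method": "GET", "url": "/api/v1/nvidia-nimble", "status": 404, "auth": false}
{"src": "192.0.2.15", "method": "GET", "url": "/api/v1/chatflows", "status": 401, "auth": false}
this line is not JSON
"""


def normalize_path(url: str) -> str:
    """Return the decoded, dot-segment-free, lowercased path of a request URL."""
    path = unquote(urlsplit(url).path)
    # Lowercased because Express matches routes case-insensitively by default.
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def is_nim_path(url: str) -> bool:
    path = normalize_path(url)
    # Match the router itself or anything below it, but not "/nvidia-nimble".
    return path == NIM_PREFIX or path.startswith(NIM_PREFIX + "/")


def find_unauthenticated_nim_requests(log_text: str) -> list:
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if isinstance(rec, dict) and is_nim_path(str(rec.get("url", ""))) and not rec.get("auth"):
            hits.append(rec)
    return hits


def hits_by_source(hits: list) -> dict:
    return dict(Counter(rec.get("src", "unknown") for rec in hits))


if __name__ == "__main__":
    print(hits_by_source(find_unauthenticated_nim_requests(SAMPLE_LOG)))
```

A record with no `auth` field is treated as unauthenticated, so logs that do not capture credential presence will flag every request to the router.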
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v4.0 · 7.7 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV
Flowise Missing Authentication on NVIDIA NIM Endpoints
osv · 2026-03-06 · CVE-2026-30824 [HIGH]
# Missing Authentication on NVIDIA NIM Endpoints
## Summary
The NVIDIA NIM router (`/api/v1/nvidia-nim/*`) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints.
## Vulnerability Details
| Field | Value |
|-------|-------|
| CWE | CWE-306: Missing Authentication for Critical Function |
| Affected File | `packages/server/src/utils/constants.ts` |
| Affected Line | Line 20 (`'/api/v1/nvidia-nim'` in `WHITELIST_URLS`) |
| CVSS 3.1 | 8.6 (High) |
## Root Cause
In `packages/server/src/utils/constants.ts`, the NVIDIA NIM route is added to the authentication whitelist:
```typescript
export const WHITELIST_URLS = [
    // ... other URLs
    '/api/v1/nvidia-nim' // line 20: every route under the NIM router skips authentication
]
```
GHSA
Flowise Missing Authentication on NVIDIA NIM Endpoints
ghsa · 2026-03-06 · CVE-2026-30824 [HIGH] CWE-306
No detection rules found.
Nuclei
Flowise - NVIDIA NIM Endpoints Missing Authentication
nuclei · CVSS 7.7 · CVE-2026-30824 [HIGH]
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints.
Template:
```yaml
id: CVE-2026-30824

info:
  name: Flowise - NVIDIA NIM Endpoints Missing Authentication
  author: DhiyaneshDk
  severity: high
  description: |
    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management a
```
Wiz
CVE-2026-30822 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · CVE-2026-30822 [HIGH]
## CVE-2026-30822: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.
Source: NVD
- Score: 7.7
- Published: March 7, 2026
- Severity: HIGH
- CNA Score: 7.7
- Affected Technologies: Flowise
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 39.5
- Exploitation Probability (EPSS): 0.2
- Affected packages and libraries: flowise
- Sources: NVD
- npm: Severity HIGH · Has Fix · Added at: Mar 08, 2026
Wiz
CVE-2026-30821 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · CVE-2026-30821 [HIGH]
## CVE-2026-30821: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once up
Wiz
CVE-2026-30824 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · CVE-2026-30824 [HIGH]
## CVE-2026-30824: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.
Source: NVD
- Score: 7.7
- Published: March 7, 2026
- Severity: HIGH
- CNA Score: 7.7
- Affected Technologies: Flowise
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 10.4
- Exploitation Probability (EPSS): N/A
- Affected packages and libraries: flowise
- Sources: NVD
- npm Severit
Wiz
CVE-2026-30820 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.7 · CVE-2026-30820 [HIGH]
## CVE-2026-30820: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credential stores, custom function execution, etc.), effectively escalating privilege. This issue has been patched in version 3.0.13.
Source: NVD
- Score: 8.7
- Published: March 7, 2026
- Severity: HIGH
- CNA Score: 8.7
- Affected Technologies: Flowise
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA K
Wiz
GHSA-jc5m-wrp2-qq38 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## GHSA-jc5m-wrp2-qq38: Flowise vulnerability analysis and mitigation
## Summary
/api/v1/account/forgot-password
## Vulnerability Details
| Field | Value |
|-------|-------|
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| Affected File | `packages/server/src/enterprise/services/account.service.ts` |
| Endpoint | `POST /api/v1/account/forgot-password` |
| Authentication | None required |
| CVSS 3.1 | 3.7 (Low) |
## Root Cause
account.service.ts
forgotPassword
```typescript
public async forgotPassword(data: AccountDTO) {
    // ...
    const user = await this.userService.readUserByEmail(data.user.email, queryRunner)
    if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
    data.user = user
    // ... password reset logic ...
    return sanitizeUser(data.user) // Returns user object with PII
}
```
s
Wiz
CVE-2026-31829 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · CVE-2026-31829 [HIGH]
## CVE-2026-31829: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.
Source: NVD
- Score: 8.8
- Published: March 10, 2026
- Severity: HIGH
- CNA Score 7.
Wiz
CVE-2026-30823 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · CVE-2026-30823 [HIGH]
## CVE-2026-30823: Flowise vulnerability analysis and mitigation
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.
Source: NVD
- Score: 8.8
- Published: March 7, 2026
- Severity: HIGH
- CNA Score: 8.8
- Affected Technologies: Flowise
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 4.7
- Exploitation Probability (EPSS): N/A
- Affected packages and libraries: flowise
- Sources: NVD
- npm: Severity HIGH · Has Fix · Added at: Mar 08, 2026
Wiz
GHSA-x2g5-fvc2-gqvp Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## GHSA-x2g5-fvc2-gqvp: Flowise vulnerability analysis and mitigation
## Description
The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security.
## Affected Code
```typescript
export function getHash(value: string) {
    const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || '5'))
    return bcrypt.hashSync(value, salt)
}
```
## Evidence
Using 5 salt rounds provides 2^5 = 32 iterations, which is far below the OWASP recommendation of 10 (2^10 = 1024 iterations) for bcrypt. This makes password hashes vulnerable to brute-force attacks with modern hardware.
## Impact
Faster password cracking - in the event of database compromise, attackers can crack password hashes significantly faster than with proper salt rounds, potentially compromising
Published: 2026-03-07