← back
CVE-2026-8028

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVSS 6.3 MEDIUMEPSS 0.4%CWE-200CWE-284
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
FlowiseAI · Flowise
public PoCs found1
cve_referencegist.github.com/YLChen-007/1d52497b0221835f99367be61612746bunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746bhttps://vuldb.com/submit/777659https://vuldb.com/vuln/361276https://vuldb.com/vuln/361276/cti