CVE-2026-8028

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVSS 6.3 MEDIUMEPSS 0.4%CWE-200 CWE-284

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

FlowiseAI · Flowise

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/1d52497b0221835f99367be61612746bno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b https://vuldb.com/submit/777659 https://vuldb.com/vuln/361276 https://vuldb.com/vuln/361276/cti