CVE-2026-8028

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVSS 6.3 MEDIUMEPSS 0.4%CWE-200 CWE-284

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Produtos afetados

FlowiseAI · Flowise

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/1d52497b0221835f99367be61612746bnão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b https://vuldb.com/submit/777659 https://vuldb.com/vuln/361276 https://vuldb.com/vuln/361276/cti