CVE-2024-8181

CRITICAL EXPLOITED NUCLEI

Flowise <1.8.2 - Auth Bypass

Title source: llm

Description

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Nuclei Templates (1)

Flowise <= 1.8.2 Authentication Bypass

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.favicon.hash:-2051052918

FOFA: title:"Flowise"

References (1)

[Third Party Advisory] https://tenable.com/security/research/tra-2024-33

Scores

CVSS v3 9.8

EPSS 0.6084

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-29

CWE

CWE-287

Status published

Products (2)

flowiseai/flowise 1.8.2

npm/flowise 0npm

Published Aug 27, 2024

Tracked Since Feb 18, 2026