CVE-2024-8181

CRITICAL EXPLOITED NUCLEI

Flowise 1.8.2 - Unauthenticated Authentication Bypass

Title source: llm

Exploitation Summary

CVE-2024-8181 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

Nuclei Templates (1)

Flowise <= 1.8.2 Authentication Bypass

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.favicon.hash:-2051052918

FOFA: title:"Flowise"

References (1)

Core 1

Core References

Third Party Advisory

https://tenable.com/security/research/tra-2024-33

Scores

CVSS v3 9.8

EPSS 0.4611

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2024-09-29

CWE

CWE-287

Status published

Products (2)

flowiseai/flowise 1.8.2

npm/flowise 0npm

Published Aug 27, 2024

Tracked Since Feb 18, 2026