CVE-2026-30823

HIGH

Flowise <3.0.13 - IDOR

Description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an insecure direct object reference (IDOR) vulnerability that leads to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.

Scores

CVSS v3 8.8
EPSS 0.0002
EPSS Percentile 5.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-862 CWE-639
Status published
Products (2)
flowiseai/flowise < 3.0.13
npm/flowise 0 - 3.0.13
Published Mar 07, 2026
Tracked Since Mar 07, 2026