Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.
References (2)
x_refsource_confirm
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-php6-83fg-gw3g
x_refsource_misc
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
Scores
CVSS v3
9.1
EPSS
0.0025
EPSS Percentile
16.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (3)
flowiseai/flowise
< 3.1.2
FlowiseAI/Flowise
< 3.1.2
npm/flowise
0 - 3.1.2 (npm)
Published
Jun 08, 2026
Tracked Since
Jun 08, 2026