CVE-2026-30823

NONE EPSS 35.9%
Published Mar 7, 20263mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 7, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.

Threat Intelligence

EPSS Exploit Probability
35.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-639
CWE-862 Missing Authorization Authorization

Affected Products 1

VendorProductVersionRange
flowiseaiflowise* <3.0.13

References 2

  • github.com https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13
    ProductRelease Notes
  • github.com https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.