CVE-2026-30823
NONE EPSS 35.9%
Published Mar 7, 20263mo ago · Modified Jun 17, 20261w ago
Published Mar 7, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.
Threat Intelligence
EPSS Exploit Probability
35.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 2
CWE-639
CWE-862 Missing Authorization Authorization
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| flowiseai | flowise | * | <3.0.13 |
References 2
- github.com https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13
- github.com https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.