Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image. Both public-chatflows AND public-chatbotConfig return completely raw flowData including credential IDs, plaintext API keys, and password-type fields. This vulnerability is fixed in 3.1.0.
Published: 2026-04-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Immediate Patch
AI Analysis

Impact

Prior to version 3.1.0, Flowise’s public chatflow API endpoint (GET /api/v1/public-chatflows/:id) returned the entire chatflow object without removing sensitive information. As a result, the response included credential IDs, plaintext API keys, and password‑type fields. This flaw can lead to the accidental disclosure of authentication secrets and other confidential data to anyone who can query a public chatflow ID.

Affected Systems

The vulnerability affects the FlowiseAI Flowise product for all releases older than version 3.1.0. It applies to both the standard and Dockerized distributions, including the v3.0.13 Docker image, which lacks the sanitization function. Users running these older builds are exposed regardless of whether the public-chatflow endpoint is enabled via configuration.

Risk and Exploitability

The CVSS score of 8.7 reflects a high-severity risk of sensitive data exposure. The EPSS score of less than 1% indicates that the probability of active exploitation is currently low, and the flaw is not yet listed in the CISA KEV catalog. The attack vector is remote over the network; an attacker only needs to know or discover a public chatflow identifier to retrieve the raw data. Because the deployed image performs no sanitization, the data is retrievable without additional privileges, so the risk primarily concerns confidentiality loss for credentials stored within the chatflow definitions.

Generated by OpenCVE AI on April 28, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.1.0 or later to enable sanitization for public chatflow endpoints.
  • Disable or restrict access to the /api/v1/public-chatflows and /api/v1/public-chatbotConfig endpoints until the application can be patched, ensuring only authorized users can query these resources.
  • Review existing chatflow definitions for exposed credentials and either remove or encrypt sensitive fields before redeploying or exporting the chatflows.
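As an added example of the second and third actions (redacting flowData before it leaves an unauthenticated route, and auditing exported chatflows for credentials that should not be there), this is not Flowise's own sanitizeFlowDataForPublicEndpoint; it assumes a simplified flowData shape (nodes carrying data.inputs, data.inputParams and data.credential) and a constructed sample chatflow:

```typescript
// Added example, not Flowise's own code: redact secrets from a simplified, assumed
// flowData shape before a public route returns it, and audit exports for leftovers.
type FlowNode = { id: string; data: { label: string; credential?: string;
  inputs: { [name: string]: unknown }; inputParams?: { name: string; type: string }[] } };
type FlowData = { nodes: FlowNode[]; edges: unknown[] };
// Input names that must never leave the server through an unauthenticated route.
const SECRET_NAME = /api[_-]?key|secret|token|password|credential/i;

function isSecretInput(node: FlowNode, name: string): boolean {
  const param = (node.data.inputParams || []).filter((p) => p.name === name)[0];
  const type = param ? param.type : "";          // inputParams is an assumed field
  return type === "password" || type === "credential" || SECRET_NAME.test(name);
}

// Copy with credential references dropped and secret inputs replaced; the stored
// chatflow object is left untouched so the authenticated route still sees it.
function sanitizeFlowDataForPublic(flow: FlowData): FlowData {
  const nodes = flow.nodes.map((node) => {
    const inputs: { [name: string]: unknown } = {};
    for (const name of Object.keys(node.data.inputs)) {
      inputs[name] = isSecretInput(node, name) ? "[REDACTED]" : node.data.inputs[name];
    }
    const data = { ...node.data, inputs };
    delete data.credential;                      // public clients never need this id
    return { ...node, data };
  });
  return { nodes, edges: flow.edges };
}

// For the "review existing chatflow definitions" step: every field that still holds
// a credential id or a non-redacted secret, reported as "nodeId.path".
function findExposedFields(flow: FlowData): string[] {
  const exposed: string[] = [];
  for (const node of flow.nodes) {
    if (node.data.credential) exposed.push(node.id + ".credential");
    for (const name of Object.keys(node.data.inputs)) {
      const value = node.data.inputs[name];
      if (isSecretInput(node, name) && value && value !== "[REDACTED]") {
        exposed.push(node.id + ".inputs." + name);
      }
    }
  }
  return exposed;
}

// Constructed sample (not real data): a credential-backed LLM node plus a node whose
// password input is recognisable only by its name.
const SAMPLE_FLOW: FlowData = { edges: [], nodes: [
  { id: "chatOpenAI_0", data: { label: "ChatOpenAI", credential: "cred-CONSTRUCTED-1",
    inputs: { modelName: "gpt-4o-mini", openAIApiKey: "sk-CONSTRUCTED-EXAMPLE" },
    inputParams: [{ name: "modelName", type: "options" }, { name: "openAIApiKey", type: "password" }] } },
  { id: "postgres_0", data: { label: "Postgres",
    inputs: { host: "db.internal", password: "CONSTRUCTED-PASSWORD" } } },
] };
```

Running findExposedFields over exported chatflow JSON before and after the redaction pass gives a quick check that nothing credential-shaped survives on the public path.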



Advisories
Source: Github GHSA
ID: GHSA-w47f-j8rh-wx87
Title: Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
History

Fri, 24 Apr 2026 16:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Flowiseai; Flowiseai flowise
CPEs                                   cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products                     Flowiseai; Flowiseai flowise
Metrics                                cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Fri, 24 Apr 2026 14:15:00 +0000

Type                  Values Removed   Values Added
Metrics                                ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 20:15:00 +0000

Type                  Values Removed   Values Added
Description                            Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image. Both public-chatflows AND public-chatbotConfig return completely raw flowData including credential IDs, plaintext API keys, and password-type fields. This vulnerability is fixed in 3.1.0.
Title                                  Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Weaknesses                             CWE-200
References
Metrics                                cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T13:39:52.900Z

Reserved: 2026-04-18T14:01:46.802Z

Link: CVE-2026-41278

Vulnrichment

Updated: 2026-04-24T13:39:49.761Z

NVD

Status : Analyzed

Published: 2026-04-23T20:16:16.550

Modified: 2026-04-24T16:31:51.023

Link: CVE-2026-41278

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses