Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential (e.g., OpenAI or ElevenLabs API key) and generate speech. This vulnerability is fixed in 3.1.0.
Published: 2026-04-23
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: API Credit Abuse via Unauthenticated Credential Decryption
Action: Patch Immediately
AI Analysis

Impact

Flowise prior to version 3.1.0 exposes a text‑to‑speech endpoint that is publicly accessible and accepts a credentialId in the request body. The service uses this identifier to decrypt stored credentials, such as those for OpenAI or ElevenLabs, enabling the caller to generate speech and consume the associated third‑party API credit. This mechanism allows an attacker to abuse a victim’s API usage without requiring legitimate authentication, representing a credential abuse weakness (CWE‑639).

Affected Systems

Vulnerable instances run any Flowise version before release 3.1.0. The issue was fixed in 3.1.0 and the endpoint was secured starting with that version.

Risk and Exploitability

Based on the description, it is inferred that an attacker can reach the whitelisted endpoint from any network and submit a valid credentialId value. The likely attack vector is sending a POST request to POST /api/v1/text-to-speech/generate with a credentialId in the request body. Because the endpoint requires no authentication, the attack surface is large, and the CVSS score of 8.2 underscores the potential cost impact. The EPSS score of less than 1% indicates that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the financial impact to the owner of the stored credentials remains significant if the endpoint is abused. Implementing authentication or restricting the endpoint to trusted networks mitigates the risk by eliminating the unauthenticated entry point.

Generated by OpenCVE AI on April 28, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.1.0 or later, where the TTS endpoint requires proper authentication.
  • Apply firewall or network ACL rules to limit access to POST /api/v1/text-to-speech/generate to trusted IP ranges.
  • Disable the TTS endpoint or configure Flowise to ignore the credentialId parameter until the patch is deployed.

Generated by OpenCVE AI on April 28, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5fw2-mwhh-9947 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
History

Fri, 24 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai
Flowiseai flowise
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Description Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential (e.g., OpenAI or ElevenLabs API key) and generate speech. This vulnerability is fixed in 3.1.0.
Title Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Weaknesses CWE-639
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Flowiseai Flowise
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-23T20:18:05.355Z

Reserved: 2026-04-18T14:01:46.802Z

Link: CVE-2026-41279

cve-icon Vulnrichment

Updated: 2026-04-23T20:17:50.335Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T20:16:16.687

Modified: 2026-04-24T16:31:36.040

Link: CVE-2026-41279

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses