FlowiseAI Flowise API Response account.service.ts login information disclosure_CVE-2026-8026

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.

Basic Information

ID CVE-2026-8026

Source VulDB

Published May 6, 2026 at 12:30

Modified May 6, 2026 at 13:03

Affected Product

Vendor FlowiseAI

Product Flowise

Version 3.0.0

Affected Versions FlowiseAI Flowise 3.0.0
FlowiseAI Flowise 3.0.1
FlowiseAI Flowise 3.0.2
FlowiseAI Flowise 3.0.3
FlowiseAI Flowise 3.0.4
FlowiseAI Flowise 3.0.5
FlowiseAI Flowise 3.0.6
FlowiseAI Flowise 3.0.7
FlowiseAI Flowise 3.0.8
FlowiseAI Flowise 3.0.9
FlowiseAI Flowise 3.0.10
FlowiseAI Flowise 3.0.11
FlowiseAI Flowise 3.0.12

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.",
    "published": "2026-05-06T12:30:11.747Z",
    "modified": "2026-05-06T13:03:55.441Z",
    "type": "cve",
    "title": "FlowiseAI Flowise API Response account.service.ts login information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361273\nhttps://vuldb.com/vuln/361273/cti\nhttps://vuldb.com/submit/777656\nhttps://gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91",
    "id": "CVE-2026-8026",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "FlowiseAI Flowise 3.0.0\nFlowiseAI Flowise 3.0.1\nFlowiseAI Flowise 3.0.2\nFlowiseAI Flowise 3.0.3\nFlowiseAI Flowise 3.0.4\nFlowiseAI Flowise 3.0.5\nFlowiseAI Flowise 3.0.6\nFlowiseAI Flowise 3.0.7\nFlowiseAI Flowise 3.0.8\nFlowiseAI Flowise 3.0.9\nFlowiseAI Flowise 3.0.10\nFlowiseAI Flowise 3.0.11\nFlowiseAI Flowise 3.0.12",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flowise",
    "version": "3.0.0",
    "vendor": "FlowiseAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}