FlowiseAI Flowise User Controller authorization_CVE-2026-8027

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.

Basic Information

ID CVE-2026-8027

Source VulDB

Published May 6, 2026 at 13:45

Affected Product

Vendor FlowiseAI

Product Flowise

Version 3.0.0

Affected Versions FlowiseAI Flowise 3.0.0
FlowiseAI Flowise 3.0.1
FlowiseAI Flowise 3.0.2
FlowiseAI Flowise 3.0.3
FlowiseAI Flowise 3.0.4
FlowiseAI Flowise 3.0.5
FlowiseAI Flowise 3.0.6
FlowiseAI Flowise 3.0.7
FlowiseAI Flowise 3.0.8
FlowiseAI Flowise 3.0.9
FlowiseAI Flowise 3.0.10
FlowiseAI Flowise 3.0.11
FlowiseAI Flowise 3.0.12

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.",
    "published": "2026-05-06T13:45:10.213Z",
    "modified": "2026-05-06T13:45:10.213Z",
    "type": "cve",
    "title": "FlowiseAI Flowise User Controller authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361274\nhttps://vuldb.com/vuln/361274/cti\nhttps://vuldb.com/submit/777657\nhttps://gist.github.com/YLChen-007/3584e6ffa0bba6367328ecf0b46b0e4b",
    "id": "CVE-2026-8027",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "FlowiseAI Flowise 3.0.0\nFlowiseAI Flowise 3.0.1\nFlowiseAI Flowise 3.0.2\nFlowiseAI Flowise 3.0.3\nFlowiseAI Flowise 3.0.4\nFlowiseAI Flowise 3.0.5\nFlowiseAI Flowise 3.0.6\nFlowiseAI Flowise 3.0.7\nFlowiseAI Flowise 3.0.8\nFlowiseAI Flowise 3.0.9\nFlowiseAI Flowise 3.0.10\nFlowiseAI Flowise 3.0.11\nFlowiseAI Flowise 3.0.12",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flowise",
    "version": "3.0.0",
    "vendor": "FlowiseAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}