FlowiseAI Flowise Endpoint account.service.ts verify information disclosure_CVE-2026-8028

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

Basic Information

ID CVE-2026-8028

Source VulDB

Published May 6, 2026 at 14:15

Affected Product

Vendor FlowiseAI

Product Flowise

Version 3.0.0

Affected Versions FlowiseAI Flowise 3.0.0
FlowiseAI Flowise 3.0.1
FlowiseAI Flowise 3.0.2
FlowiseAI Flowise 3.0.3
FlowiseAI Flowise 3.0.4
FlowiseAI Flowise 3.0.5
FlowiseAI Flowise 3.0.6
FlowiseAI Flowise 3.0.7
FlowiseAI Flowise 3.0.8
FlowiseAI Flowise 3.0.9
FlowiseAI Flowise 3.0.10
FlowiseAI Flowise 3.0.11
FlowiseAI Flowise 3.0.12

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.",
    "published": "2026-05-06T14:15:10.891Z",
    "modified": "2026-05-06T14:15:10.891Z",
    "type": "cve",
    "title": "FlowiseAI Flowise Endpoint account.service.ts verify information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361276\nhttps://vuldb.com/vuln/361276/cti\nhttps://vuldb.com/submit/777659\nhttps://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b",
    "id": "CVE-2026-8028",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "FlowiseAI Flowise 3.0.0\nFlowiseAI Flowise 3.0.1\nFlowiseAI Flowise 3.0.2\nFlowiseAI Flowise 3.0.3\nFlowiseAI Flowise 3.0.4\nFlowiseAI Flowise 3.0.5\nFlowiseAI Flowise 3.0.6\nFlowiseAI Flowise 3.0.7\nFlowiseAI Flowise 3.0.8\nFlowiseAI Flowise 3.0.9\nFlowiseAI Flowise 3.0.10\nFlowiseAI Flowise 3.0.11\nFlowiseAI Flowise 3.0.12",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flowise",
    "version": "3.0.0",
    "vendor": "FlowiseAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}