CVE-2026-30820
Published: 07 March 2026
Summary
CVE-2026-30820 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Flowiseai Flowise. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 32.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
AC-3 requires enforcement of approved authorizations on system resources, directly mitigating the CVE's authorization bypass via the trusted 'x-request-from: internal' header on /api/v1 endpoints.
AC-6 enforces least privilege, limiting damage from privilege escalation by ensuring low-privilege tenants cannot access admin endpoints even if authorization is partially bypassed.
SI-10 mandates validation of external inputs like HTTP headers, preventing exploitation by rejecting or sanitizing the untrusted 'x-request-from: internal' header.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Auth bypass on admin endpoints directly enables exploitation for privilege escalation (T1068); custom function execution maps to command/scripting (T1059); access to credential stores/API keys maps to unsecured credentials (T1552).
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credential stores, custom function execution, etc.), effectively escalating privilege. This issue has been patched in version 3.0.13.
Deeper analysis [AI]
CVE-2026-30820 is a privilege escalation vulnerability in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.0.13, Flowise trusts any HTTP client that sets the header "x-request-from: internal", enabling the bypass of all authorization checks on /api/v1/** endpoints. Classified as CWE-863 (Incorrect Authorization), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A low-privilege authenticated tenant can exploit this over the network by including the trusted header in requests using only a valid browser session cookie. This grants access to sensitive internal administration endpoints, such as API key management, credential stores, and custom function execution, resulting in effective privilege escalation with high impacts on confidentiality, integrity, and availability.
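The trust decision described above and the SI-10 fix (never let a client-supplied header confer authorization), shown as an added example that is not Flowise's own code; the request shape, role names, placeholder route and the server-set `internalCall` flag are assumptions for illustration.

```javascript
// Added example, not Flowise code: models the flawed authorization decision from the
// advisory next to a hardened version. Request shape, roles, the placeholder route and
// the server-set `internalCall` property are assumptions for illustration.

const PROTECTED_PREFIX = '/api/v1/'; // admin routes, modelled as everything under /api/v1/

// Shared rule: protected routes require the admin role on the authenticated session.
function roleCheck(req) {
  if (req.path.startsWith(PROTECTED_PREFIX) && req.session.role !== 'admin') {
    return { allowed: false, reason: 'admin role required' };
  }
  return { allowed: true, reason: 'session role permits access' };
}

// Vulnerable pattern: a header the client controls short-circuits the role check.
function authorizeVulnerable(req) {
  if (!req.session) return { allowed: false, reason: 'no authenticated session' };
  if (req.headers['x-request-from'] === 'internal') {
    return { allowed: true, reason: 'trusted header' }; // the flaw: trust from a client-settable value
  }
  return roleCheck(req);
}

// Hardened pattern: client headers never confer trust. Genuine internal calls are marked
// by the server on a property no HTTP parser populates; the header is ignored for
// authorization and its arrival from a client is recorded as a detection signal.
function authorizeHardened(req, audit = []) {
  if (req.internalCall === true) return { allowed: true, reason: 'server-side internal call' };
  if ('x-request-from' in req.headers) {
    audit.push(`client-supplied x-request-from=${req.headers['x-request-from']} on ${req.path}`);
  }
  if (!req.session) return { allowed: false, reason: 'no authenticated session' };
  return roleCheck(req);
}

// Constructed request: a low-privilege tenant with a valid browser session adds the header.
const tenantRequest = {
  path: '/api/v1/ADMIN-ENDPOINT-PLACEHOLDER', // placeholder, not a real Flowise route
  headers: { 'x-request-from': 'internal', cookie: 'session=tenant' },
  session: { user: 'tenant', role: 'tenant' },
};

// Same request, both decisions, plus the audit trail the hardened gate produces.
function compare(req) {
  const audit = [];
  return {
    vulnerable: authorizeVulnerable(req).allowed,
    hardened: authorizeHardened(req, audit).allowed,
    audit,
  };
}
```

Feeding the audit lines into existing request logging gives a simple detection for clients that send the header, which should never happen from a browser session.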
The issue was patched in Flowise version 3.0.13. Official mitigation details are available in the release notes at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 and the GitHub security advisory at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wvhq-wp8g-c7vq.
As Flowise supports LLM workflow construction, the vulnerability holds relevance for AI/ML deployments handling sensitive credentials or API integrations.
AI Security Analysis [AI]
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: large language model