Cyber Resilience

CVE-2026-30824

HighPublic PoC

Published: 07 March 2026

Published
07 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v4 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.3625 98.3th percentile
Risk Priority 60 floored blend · peak EPSS

Summary

CVE-2026-30824 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

Flowise is a drag-and-drop interface for building customized large language model flows. Prior to version 3.0.13, its global authentication middleware explicitly whitelisted the NVIDIA NIM router paths under /api/v1/nvidia-nim/*, exposing privileged container management and token generation endpoints without requiring authentication. The flaw is tracked as CWE-306 and carries a CVSS 4.0 score of 7.7.

An unauthenticated remote attacker can directly invoke the affected endpoints to perform container operations and generate tokens, bypassing all intended access controls. Exploitation requires no user interaction or credentials and can be carried out over the network.

The project has released version 3.0.13 to remove the whitelist entry and enforce authentication on these routes. The fix is documented in the Flowise 3.0.13 release notes and the corresponding GitHub Security Advisory GHSA-5f53-522j-j454.

The vulnerability affects an AI/ML tooling component used to orchestrate LLM pipelines. EPSS currently stands at 0.2159 with the same recorded peak, indicating no material post-disclosure increase in observed exploitation interest.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and…

more

token generation endpoints. This issue has been patched in version 3.0.13.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: flowise, large language model

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1609 Container Administration Command Execution
Adversaries may abuse a container administration service to execute commands within a container.
Why these techniques?

The vulnerability is an authentication bypass in a public-facing web application (Flowise API endpoints), enabling unauthenticated remote exploitation (T1190). It directly grants access to privileged container management functions, facilitating container administration commands (T1609).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41273Same product: Flowiseai Flowise
CVE-2025-58434Same product: Flowiseai Flowise
CVE-2025-8943Same product: Flowiseai Flowise
CVE-2026-41272Same product: Flowiseai Flowise
CVE-2026-41277Same product: Flowiseai Flowise
CVE-2026-41274Same product: Flowiseai Flowise
CVE-2025-34267Same product: Flowiseai Flowise
CVE-2026-41270Same product: Flowiseai Flowise
CVE-2026-31829Same product: Flowiseai Flowise
CVE-2026-41269Same product: Flowiseai Flowise

Affected Assets

flowiseai
flowise
≤ 3.0.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization checks on all endpoints, eliminating the whitelist bypass that exposed privileged NVIDIA NIM routes without credentials.

prevent

Requires identification and authentication prior to granting access to system functions, directly blocking unauthenticated calls to the container-management and token-generation endpoints.

prevent

Limits privileges to only those needed, reducing the impact of any endpoint that might still be reached without proper authentication.

References