CVE-2026-30824
Published: 07 March 2026
Summary
CVE-2026-30824 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
Flowise is a drag-and-drop interface for building customized large language model flows. Prior to version 3.0.13, its global authentication middleware explicitly whitelisted the NVIDIA NIM router paths under /api/v1/nvidia-nim/*, exposing privileged container management and token generation endpoints without requiring authentication. The flaw is tracked as CWE-306 and carries a CVSS 4.0 score of 7.7.
An unauthenticated remote attacker can directly invoke the affected endpoints to perform container operations and generate tokens, bypassing all intended access controls. Exploitation requires no user interaction or credentials and can be carried out over the network.
The project has released version 3.0.13 to remove the whitelist entry and enforce authentication on these routes. The fix is documented in the Flowise 3.0.13 release notes and the corresponding GitHub Security Advisory GHSA-5f53-522j-j454.
The vulnerability affects an AI/ML tooling component used to orchestrate LLM pipelines. EPSS currently stands at 0.2159 with the same recorded peak, indicating no material post-disclosure increase in observed exploitation interest.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10111
Vulnerability details
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and…
more
token generation endpoints. This issue has been patched in version 3.0.13.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: flowise, large language model
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in a public-facing web application (Flowise API endpoints), enabling unauthenticated remote exploitation (T1190). It directly grants access to privileged container management functions, facilitating container administration commands (T1609).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication and authorization checks on all endpoints, eliminating the whitelist bypass that exposed privileged NVIDIA NIM routes without credentials.
Requires identification and authentication prior to granting access to system functions, directly blocking unauthenticated calls to the container-management and token-generation endpoints.
Limits privileges to only those needed, reducing the impact of any endpoint that might still be reached without proper authentication.