CVE-2026-41266
Published: 23 April 2026
Summary
CVE-2026-41266 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-22 (Publicly Accessible Content).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Defines and restricts permitted actions without authentication, preventing exposure of sensitive API keys and configurations via the unauthenticated /api/v1/public-chatbotConfig/:id endpoint.
Enforces approved authorizations to block unauthenticated access to sensitive data exposed by the vulnerable endpoint.
Restricts public access to sensitive system content such as stored credentials and HTTP headers in chatbot configurations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing Flowise web app exposes credentials and config via unauthenticated API endpoint, directly enabling exploitation of public-facing application (T1190) and retrieval of unsecured credentials (T1552).
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge…
more
just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more. This vulnerability is fixed in 3.1.0.
Deeper analysisAI
CVE-2026-41266 is an information disclosure vulnerability in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the endpoint /api/v1/public-chatbotConfig/:id exposes sensitive data, including API keys, HTTP authorization headers, and internal configuration details, without requiring any authentication. This flaw, associated with CWE-200 (Exposure of Sensitive Information), CWE-522 (Insufficiently Protected Credentials), and CWE-862 (Missing Authorization), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting high confidentiality impact with no requirements for privileges or user interaction.
An unauthenticated attacker with network access can exploit this vulnerability by simply knowing a chatflow UUID, which allows them to directly query the exposed endpoint and retrieve stored credentials from password-type fields and HTTP headers. Successful exploitation enables credential theft, potentially granting access to downstream services, LLM providers, or other integrated systems configured in the Flowise instance, leading to broader compromise depending on the stolen secrets.
The Flowise security advisory (GHSA-4jpm-cgx2-8h37) confirms the issue is fully resolved in version 3.1.0, recommending immediate upgrades for all prior installations. Operators should also review exposed chatflow UUIDs, rotate any compromised credentials, and implement network-level access controls on Flowise deployments until patching is complete.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model