Cyber Resilience

CVE-2026-41267

High · Public PoC

Published: 23 April 2026

Modified: 24 April 2026
KEV Added: not listed
CVSS Score (v3.1): 8.1 · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0033 (25.3rd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41267 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Flowiseai Flowise. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 25.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as LLM Application Platforms, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-41267 is an improper mass assignment vulnerability, also described as JSON injection, affecting the account registration endpoint in Flowise Cloud prior to version 3.1.0. Flowise is a drag-and-drop user interface for building customized large language model (LLM) flows. The issue, linked to CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), stems from the failure to properly restrict client-supplied input during account creation, allowing injection of server-managed fields and nested objects. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility but high attack complexity.

Unauthenticated attackers can exploit this vulnerability remotely by submitting crafted JSON payloads during the registration process. This enables manipulation of critical server-controlled data, including ownership metadata, timestamps, organization associations, and role mappings. In Flowise Cloud's multi-tenant environment, such control breaks trust boundaries, potentially allowing attackers to escalate privileges, access or alter other users' resources, or disrupt isolation between tenants.

The vulnerability is addressed in Flowise version 3.1.0, as detailed in the GitHub Security Advisory GHSA-48m6-ch88-55mj. Security practitioners should upgrade to the patched version and review access logs for suspicious registration attempts, particularly those involving unexpected field injections.
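The defensive pattern the fix calls for, shown as an added example that is not Flowise's own code: the vulnerable "spread the whole request body into the entity" pattern beside an allowlist-based registration handler that assigns ownership, organization, role and timestamps server-side, plus a small check that reports unexpected keys so registration attempts can be reviewed in logs. All field names, the context helpers and the sample body are assumed for illustration.

```javascript
// Added example, not Flowise's own code: the vulnerable "spread the body"
// pattern beside an allowlist-based registration handler, plus a check that
// reports unexpected keys for log review. Field names are assumed.

const ALLOWED_FIELDS = ["email", "name", "password"]; // only client-settable fields

// Deterministic stand-ins for id/org/time generation (constructed for the demo).
const DEMO_CTX = { newId: () => "acct-1", newOrgId: () => "org-1", now: () => "2026-04-23T00:00:00Z" };

// Constructed sample body: legitimate fields plus server-managed ones and a nested object.
const SAMPLE_BODY = {
  email: "alice@example.test", name: "Alice", password: "correct horse battery staple",
  role: "admin", organizationId: "someone-elses-org",
  createdDate: "2000-01-01T00:00:00Z", profile: { isOwner: true },
};

function isScalar(v) {
  return typeof v === "string" || typeof v === "number" || typeof v === "boolean";
}

// Vulnerable pattern: client keys override the server-assigned defaults.
function buildAccountUnsafe(body, ctx) {
  const id = ctx.newId();
  return { id, ownerId: id, organizationId: ctx.newOrgId(), role: "member", createdDate: ctx.now(), ...body };
}

// Hardened pattern: server-managed attributes are assigned first and only
// allowlisted scalar fields are copied from the body; everything else is ignored.
function buildAccountSafe(body, ctx) {
  const src = body !== null && typeof body === "object" ? body : {};
  const id = ctx.newId();
  const account = { id, ownerId: id, organizationId: ctx.newOrgId(), role: "member", createdDate: ctx.now() };
  for (const key of ALLOWED_FIELDS) {
    if (isScalar(src[key])) account[key] = src[key];
  }
  return account;
}

// Detection aid: keys outside the allowlist, or allowlisted keys carrying a
// non-scalar value (nested object/array), are the "unexpected field
// injections" worth logging when reviewing registration attempts.
function unexpectedKeys(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) return [];
  return Object.keys(body).filter((k) => !ALLOWED_FIELDS.includes(k) || !isScalar(body[k]));
}
```

Running `unexpectedKeys` on every registration body and writing the non-empty results to the access log gives the "unexpected field injection" signal the advisory suggests reviewing.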

Vulnerability details

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata, timestamps, organization association, and role mappings, breaking trust boundaries in a multi-tenant environment. This vulnerability is fixed in 3.1.0.

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: flowise, large language model

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1136.003 Cloud Account (Persistence): Adversaries may create a cloud account to maintain access to victim systems.
T1098.003 Additional Cloud Roles (Persistence): An adversary may add additional roles or permissions to an adversary-controlled cloud account to maintain persistent access to a tenant.
Why these techniques?

The vulnerability sits in the public-facing account registration endpoint, so it maps to exploitation of a public-facing application (T1190); because the injected fields include role mappings and organization associations, it also facilitates the creation of cloud accounts with elevated privileges (T1136.003) and the manipulation of cloud roles during registration (T1098.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41277 (same product: Flowiseai Flowise)
CVE-2026-41279 (same product: Flowiseai Flowise)
CVE-2026-41272 (same product: Flowiseai Flowise)
CVE-2025-34267 (same product: Flowiseai Flowise)
CVE-2026-41274 (same product: Flowiseai Flowise)
CVE-2025-8943 (same product: Flowiseai Flowise)
CVE-2026-40933 (same product: Flowiseai Flowise)
CVE-2026-31829 (same product: Flowiseai Flowise)
CVE-2026-41268 (same product: Flowiseai Flowise)
CVE-2026-41269 (same product: Flowiseai Flowise)

Affected Assets

Vendor: flowiseai
Product: flowise
Versions: ≤ 3.1.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Requires validation and sanitization of client-supplied JSON inputs during account registration to prevent injection and mass assignment of server-managed fields like ownership metadata and role mappings.

Prevent: Enforces access control policies to mediate requests and restrict unauthorized client-side manipulation of server-controlled attributes such as timestamps, organization associations, and privileges in multi-tenant environments.

Prevent: Establishes processes for secure account creation that override or ignore client-supplied values for critical attributes, ensuring proper assignment of ownership and roles server-side.
