CVE-2026-41273
Published: 23 April 2026
Summary
CVE-2026-41273 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Flowiseai Flowise. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-22 (Publicly Accessible Content).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 explicitly limits actions permitted without identification or authentication, directly preventing unauthenticated access to public chatflow configuration endpoints exposing OAuth credential identifiers.
AC-22 restricts and reviews publicly accessible content to prevent exposure of sensitive internal workflow data including OAuth credentials via public endpoints.
AC-3 enforces approved authorizations for access to system resources, mitigating the authentication bypass by blocking unauthenticated retrieval of OAuth tokens.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass in public-facing Flowise app enables T1190 (Exploit Public-Facing Application) for initial access; directly exposes OAuth credential IDs and allows unauthenticated retrieval/refresh of access tokens, facilitating T1528 (Steal Application Access Token).
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public…
more
chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential identifiers, which can then be used to refresh and obtain valid OAuth 2.0 access tokens without authentication. This vulnerability is fixed in 3.1.0.
Deeper analysisAI
CVE-2026-41273 is an authentication bypass vulnerability (CWE-306) in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. Affecting versions prior to 3.1.0, the flaw enables unauthenticated attackers to access a public chatflow configuration endpoint and retrieve internal workflow data, including OAuth credential identifiers associated with public chatflows. This exposure allows attackers to refresh and obtain valid OAuth 2.0 access tokens without authentication.
The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high severity due to network accessibility, low attack complexity, and no privileges required. Unauthenticated remote attackers can exploit it to steal sensitive OAuth 2.0 access tokens tied to public chatflows, potentially granting unauthorized access to downstream services or resources configured in the LLM workflow.
Flowise addressed this issue in version 3.1.0. Security practitioners should upgrade to this patched release immediately. Additional mitigation guidance is available in the GitHub security advisory at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6f7g-v4pp-r667.
This vulnerability holds relevance for AI/ML deployments, as Flowise is designed for orchestrating LLM-based chatflows that may integrate external OAuth-protected services.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model