Cyber Resilience

CVE-2026-41275

High · Public PoC

Published: 23 April 2026

Modified: 25 April 2026
KEV Added
Patch
CVSS Score v4: 7.5 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (11.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-41275 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 11.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-41275 affects Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the password reset functionality on cloud.flowiseai.com transmits reset links over unsecured HTTP rather than HTTPS, violating secure communication practices as defined by CWE-319 (Cleartext Transmission of Sensitive Information). This flaw exposes sensitive reset tokens to interception, with a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under specific conditions.

An attacker can exploit this vulnerability via a man-in-the-middle (MITM) attack when positioned on the same network as the victim, such as public Wi-Fi. The scenario requires the user to initiate a password reset (user interaction), after which the attacker intercepts the HTTP-transmitted reset link containing the token. Successful interception allows the attacker to access the link, complete the reset process, and gain unauthorized control of the victim's Flowise account, potentially compromising LLM workflows or associated data.

The Flowise security advisory (GHSA-x5w6-38gp-mrqh) and associated HackerOne report detail the issue and confirm mitigation by upgrading to version 3.1.0, which enforces HTTPS for password reset links. No additional workarounds are specified, emphasizing the need for immediate patching on cloud.flowiseai.com deployments.
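The fix described above amounts to never issuing a token-bearing link over HTTP. The sketch below is an added example, not Flowise's code: it shows a link builder that refuses a non-HTTPS base URL and an audit helper that flags cleartext token links in an outgoing e-mail body. The function names, the /reset-password path, the "token" query parameter and the app.example.test host are assumptions.

```javascript
// Added example, not Flowise code. Names, the /reset-password path and the
// "token" query parameter are assumptions made for illustration.

// Build a reset link, refusing any base URL that is not HTTPS.
function buildResetLink(baseUrl, token) {
  const base = new URL(baseUrl); // throws on malformed input
  if (base.protocol !== 'https:') {
    throw new Error(`refusing to issue reset link over ${base.protocol}//`);
  }
  const link = new URL('/reset-password', base);
  link.searchParams.set('token', token);
  return link.toString();
}

// Audit an outgoing e-mail body: return every link that carries a token
// but would travel in cleartext (scheme http:).
function findCleartextTokenLinks(body) {
  const hits = [];
  for (const raw of body.match(/https?:\/\/[^\s"'<>]+/gi) || []) {
    let u;
    try {
      u = new URL(raw);
    } catch {
      continue; // not a parseable URL, ignore
    }
    if (u.protocol === 'http:' && u.searchParams.has('token')) {
      hits.push(u.toString());
    }
  }
  return hits;
}

// Constructed sample e-mail body (not captured from any real system).
const SAMPLE_EMAIL = [
  'Hello, use the link below to reset your password:',
  'http://app.example.test/reset-password?token=tok_123',
  'Logo: http://app.example.test/logo.png',
  'Help: https://app.example.test/help?token=unused',
].join('\n');
```

Running the audit helper over rendered e-mail templates in CI catches a regression to an http:// base URL before any message is sent.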

Flowise's focus on LLM orchestration introduces AI/ML relevance, as account compromise could enable attackers to manipulate or exfiltrate custom model flows, though no public evidence of real-world exploitation exists as of the CVE publication on 2026-04-23.

Vulnerability details

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s account. This vulnerability is fixed in 3.1.0.

CWE(s)

CWE-319 (Cleartext Transmission of Sensitive Information)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: flowise, large language model

Related Threats

MITRE ATT&CK Enterprise Techniques

T1557: Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

The vulnerability's cleartext HTTP transmission of password reset tokens directly enables man-in-the-middle interception attacks on the same network (e.g., public Wi-Fi) to capture the token and perform account takeover.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-30821 (same product: Flowiseai Flowise)
CVE-2026-41277 (same product: Flowiseai Flowise)
CVE-2026-30824 (same product: Flowiseai Flowise)
CVE-2026-41278 (same product: Flowiseai Flowise)
CVE-2026-41264 (same product: Flowiseai Flowise)
CVE-2026-41274 (same product: Flowiseai Flowise)
CVE-2026-41269 (same product: Flowiseai Flowise)
CVE-2026-41265 (same product: Flowiseai Flowise)
CVE-2026-41271 (same product: Flowiseai Flowise)
CVE-2026-31829 (same product: Flowiseai Flowise)

Affected Assets

Vendor: flowiseai
Product: flowise
Versions: ≤ 3.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Requires cryptographic protection of transmitted sensitive information such as password reset links to prevent man-in-the-middle interception over unsecured HTTP.

prevent

Mandates timely flaw remediation including patching Flowise to version 3.1.0 which enforces HTTPS for password reset links.

prevent

Requires management and protection of authenticators like password reset tokens during transmission, commensurate with their sensitivity, addressing insecure HTTP delivery.
